bluedoor data·Trust Centers API·bluedoor.sh

Home / Security updates / Highly popular npm packages compromised – EQS Group is not affected

Highly popular npm packages compromised – EQS Group is not affected

Security updates detail rendered from /security-updates/upd_ecee91b682c81a89.

Overview

IDupd_ecee91b682c81a89
CollectionSecurity Updates
ProviderSafeBase
CompanyEQS Group
URL-
Counts-
Updated-

Raw record

FieldValue
idupd_ecee91b682c81a89
providerIdsafebase
organizationIdorg_9909d4d119a6071e
trustCenterIdtc_4648669745149f34
titleHighly popular npm packages compromised – EQS Group is not affected
messageOn August 26, 2025, malicious versions of several Nx packages were published to npm. Attackers exploited a vulnerability to steal the NPM publishing token of Nx and publish malicious packages for 4 hours. The packages scanned users' systems for sensitive data and uploaded it to public GitHub repositories. [Link to the vendor's statement](https://nx.dev/blog/s1ngularity-postmortem) – [Link to the news](https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/). On Sep 8, 2025, malicious releases of 18 popular npm packages (incl. debug and chalk) maintained by Qx were published. When bundled into frontend assets and deployed on a website, they run in visitors' browsers and can silently rewrite wallet recipients/approvals. [Link to the news](https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/). On September 9th, additional npm packages were reported by
url-
publishedAt2025-09-11
source
{
  "field": "statuspage/public/compliance-update",
  "category": "vulnerabilities"
}
company
{
  "id": "org_9909d4d119a6071e",
  "name": "EQS Group",
  "domains": [
    "trust.eqs.com",
    "eqs.com"
  ]
}
trust_center
{
  "id": "tc_4648669745149f34",
  "name": "EQS Group",
  "url": "https://trust.eqs.com",
  "host": "trust.eqs.com"
}
provider
{
  "id": "safebase",
  "name": "SafeBase"
}
links
{
  "self": "/v1/security-updates/upd_ecee91b682c81a89",
  "company": "/v1/companies/org_9909d4d119a6071e",
  "trust_center": "/v1/trust-centers/tc_4648669745149f34",
  "provider": "/v1/providers/safebase"
}
Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_ecee91b682c81a89JSON