A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Open source software is a pivotal infrastructural component of the modern internet, but its unique security dilemmas can, on ...

The malware was found in 18 npm packages that together are usually downloaded over 2 billion times per week. But the security ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...