On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

之前Claude Code几乎垄断AI CLI，但伴随着最近Claude作妖事件，也让中国开发者纷纷表示要弃用。这个节骨眼上，腾讯自研的AI CLI出来得刚刚好，而且国内版直接集成DeepSeek免费使用，在很多运维场景中也完全够用了。

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two ...