A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Open source software is a pivotal infrastructural component of the modern internet, but its unique security dilemmas can, on ...

The malware was found in 18 npm packages that together are usually downloaded over 2 billion times per week. But the security ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.