Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this week. Ninety-nine percent of the cloud depends on one of the ...

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

The supply chain npm attack did not steal millions in crypto, despite initial fears. The wallets used in the attack only ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may ...

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...