Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

网络安全公司Aikido ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Ledger CTO cautions users to halt crypto transactions due to a mass NPM attack that hijacks wallets and loots money.

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

A：这是迄今为止最大规模的npm供应链攻击事件，攻击者向18个热门软件包注入恶意代码，这些软件包的总下载量超过26亿次/周。其中包括chalk（3亿次/周）、debug（3.58亿次/周）和ansi-styles（3.7亿次/周）等广泛使用的开发者工 ...

Npm packages are reusable blocks of JavaScript code published to the Node Package Manager registry that developers can ...

9 月 8 日，Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix（Josh Junon） 因一封钓鱼邮件泄露了账户，攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区，成为开源史上下载量最大的供应链攻击之一。

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...