News

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Infosecurity Magazine2h

Open Source Community Thwarts Massive npm Supply Chain Attack

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...
Developer Tech2h

Escalating npm supply chain malware attack drains crypto wallets

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...
Security Boulevard29m

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Crypto News18h

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.