Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

Researchers believe that's partly down to the spider's 'dark DNA' - a mysterious part of the animal's genetic code, and they ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

SwissBorg confirmed that hackers exploited a vulnerability in staking partner Kiln’s API, which allowed them to drain 193,000 ...

Ledger’s chief technology officer issued an urgent warning on Monday after discovering what he described as a large-scale ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Security experts are advising crypto users to be very careful as a large-scale supply chain exploit could be used to swipe funds.