JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...
Blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...
InfoWorldOpinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
Live Bitcoin News

Crypto Industry Hit by North Korean “BeaverTail” Malware Campaign

North Korean hackers target the crypto sector with BeaverTail malware, using fake job offers to steal login credentials and crypto wallets.
The Hacker News

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.
The Hacker News

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

ComicForm phishing since April 2025 targets Belarus, Kazakhstan, Russia using Formbook malware, evading Microsoft Defender.
Crypto News

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...