Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Open source software is a pivotal infrastructural component of the modern internet, but its unique security dilemmas can, on ...

Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were ...

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...