Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...

The supply chain npm attack did not steal millions in crypto, despite initial fears. The wallets used in the attack only ...

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...