News

SecurityWeek4d

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Major attack on node.js

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
Security Boulevard3d

How npm Security Collapsed Thanks To a 2FA Exploit

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
CoinDesk5d

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...
Securities.io2d

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Krebs on Security5d

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...
InsideBitcoins5d

NPM Hack Puts 1 Billion Crypto Wallets At Risk As Ledger CTO Urges Users To Halt Transactions

An NPM supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause on-chain transactions.