Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages ...

A major supply chain attack on the NPM repository briefly threatened crypto users worldwide. Malicious code was pushed into ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

Npm packages are reusable blocks of JavaScript code published to the Node Package Manager registry that developers can ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief ...