A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...

A new variant of the BeaverTail malware linked to North Korean hackers has been identified targeting cryptocurrency traders ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations. Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...

SAN FRANCISCO, Sept 9 (Reuters) - How can Tesla (TSLA.O), opens new tab become an $8.5 trillion company? That's the market valuation the electric vehicle maker would have to reach to justify CEO Elon ...

A recent Node Package Manager (NPM) attack stole just $50 worth of crypto, but industry experts say the incident highlights ongoing vulnerabilities for exchanges and software wallets. Charles ...

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...