JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

The supply chain npm attack did not steal millions in crypto, despite initial fears. The wallets used in the attack only ...

An NPM supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause on-chain transactions.

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...