JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...
InfoWorldOpinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
The Hacker News

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.
Crypto News

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Hackers are sneaking malware into SVG images to bypass antivirus - here's what we know

Hackers are sharing malicious SVG files which spoof real-life websites in order to trick victims into downloading damaging ...
Cryptopolitan on MSN

Is Binance’s customer data, assets at risk after major supply chain attack?

Binance reassures customers after a massive NPM supply chain attack injects malicious code into 18 popular JavaScript ...
The Hacker News

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

ComicForm phishing since April 2025 targets Belarus, Kazakhstan, Russia using Formbook malware, evading Microsoft Defender.

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...