JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

Cybersecurity firm HiddenLayer uncovers a “CopyPasta License Attack” that exploits Coinbase’s favored AI coding tool, Cursor.

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least ...

Hackers use Ethereum smart contracts to hide malware in NPM packages, launching a stealthy crypto-themed supply chain attack.