"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

More companies are moving to integrate custom AI agents into business operations. Here are eight essential capabilities to ...

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of victims.

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

It’s hard to see how the company that gave us ChatGPT — or any other AI software company, for that matter — can turn a profit ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...