Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

The supply chain npm attack did not steal millions in crypto, despite initial fears. The wallets used in the attack only ...