A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

9 月 8 日，Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix（Josh Junon） 因一封钓鱼邮件泄露了账户，攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区，成为开源史上下载量最大的供应链攻击之一。

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Mohammedia – A new malware strain named ModStealer has emerged, posing a significant threat to cryptocurrency users. This ...

Charles Guillemet, Ledger CTO, revealed another similar attack that allowed attackers to compromise a Node Package Manager ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

After warning 9to5Mac last month about undetectable Mac malware hidden in a fake PDF converter site, Mosyle, a leader ...

A newly discovered cross-platform malware dubbed ModStealer is slipping past antivirus systems and targeting crypto wallets ...