News
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of victims.
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback