Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Ledger CTO cautions users to halt crypto transactions due to a mass NPM attack that hijacks wallets and loots money.

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

Hackers hijacked popular web code to steal crypto. Users must check every wallet transaction to avoid losing funds.

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain crypto wallets.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...