North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

In a supply chain attack, the trending npm package, @ctrl/tinycolor, was in the target. Dastardly versions steal secrets through TruffleHog scanning. The npm package ecosystem has been compromised by ...

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...

Largest cryptocurrency product seems to be unaffected by biggest "supply chain" hack in history So far, no cryptocurrency service has reported losses as a result of clipper malware being injected into ...

A trusted maintainer of JavaScript libraries was compromised, injecting 18 widely downloaded npm packages with malicious code. The code swaps transactions with similar-looking destination addresses.

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.