"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

A new cyberattack is silently targeting crypto from users during transactions amid an incident that security researchers ...

A major supply chain attack on the NPM repository briefly threatened crypto users worldwide. Malicious code was pushed into ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

A phishing campaign leveraging the Salty2FA kit has been uncovered by cybersecurity researchers, revealing advanced ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...