"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...
Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback