JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
InfoWorldOpinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...
Crypto News

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
The Hacker News

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

ComicForm phishing since April 2025 targets Belarus, Kazakhstan, Russia using Formbook malware, evading Microsoft Defender.
Live Bitcoin News

Hackers Carry Out The Largest NPM Attack In History, But Stole Less Than $50

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.
CoinDesk

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...