News
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.
In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...
Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback