JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software ...

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...