According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

The malware was found in 18 npm packages that together are usually downloaded over 2 billion times per week. But the security ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two ...