Massive NPM crypto hack drained only $50

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...
heise online

Major attack on node.js

A major attack on the supply chain for software packages for the widely used JavaScript runtime environment node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...

Warning about data-stealer spreading through software used by millions of programmers

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a ...
Security Boulevard

New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security

The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses.
CoinDesk

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s ...