News

Major attack on node.js

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...
Bitcoin Magazine3d

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...
CoinDesk2d

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...
Cybernews10d

The whole world depends on one overworked, underpaid developer, who might be from Moscow

A widely used Node.js utility called fast-glob is being maintained by a single Russian developer, prompting debate about the risks of solo maintainers and potential geopolitical influence.
CoinDesk3d

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to ...

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
Krebs on Security3d

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Massive NPM crypto hack drained only $50

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...