JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

Warning from Charles Guillemet, CTO of Ledger, urged certain users to halt onchain transactions due to a potentially ...

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to ...

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...

Binance reassures customers after a massive NPM supply chain attack injects malicious code into 18 popular JavaScript ...

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

The Open Network chief technology officer, Anatoly Makosov, said the solution to the attack is to switch to a safe version and reinstall clean code.