News

Compromised files replace npm packages with a combined 2 billion weekly downloads

The "biggest supply chain attack" in the history of npm took place recently, affecting almost two dozen packages.

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

Note: If you’re using MetaMask, Phantom, Trust Wallet, or any crypto app, the advice is simple, take your time, check every ...

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
CoinDesk20h

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...
Developer Tech21h

Escalating npm supply chain malware attack drains crypto wallets

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...
CSO Online21h

Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to ...