News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing …

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

'Widespread' Crypto Exploit That Created Panic Steals Only $1K From Users

The "largest npm compromise in history" targeting crypto wallets through JavaScript packages has netted hackers just $1,043.
Krebs on Security2d

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Exclusive: 'We will see more attacks' Ledger CTO warns after NPM breach

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...
Security Boulevard19m

How npm Security Collapsed Thanks To a 2FA Exploit

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
InfoWorld15h

9 vital concepts of modern JavaScript

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...
Infosecurity Magazine16h

Malicious npm Code Reached 10% of Cloud Environments

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may ...