Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Charles Guillemet, Chief Technology Officer at Ledger, emphasized the gravity of the situation, stating, "There’s a large-scale supply chain attack in progress: the NPM account of a reputable ...

Crypto firms are racing to assess potential fallout after reports of a large-scale supply chain attack that compromised a ...

Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Ledger's CTO Charles Guillemet warned of a large-scale supply chain attack, potentially stealing crypto from common software ...

Using the notion of a lighthouse as a metaphor, Google Lighthouse steers developers away from the rocks by shining light at issues it discovers on an asset-by-asset basis. With specific feedback for ...