Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

The Open Network chief technology officer, Anatoly Makosov, said the solution to the attack is to switch to a safe version and reinstall clean code.

Polygon fixes network delays, Hedera rallies on Pool Token news, while BlockDAG’s Awakening Testnet proves its infrastructure ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...