"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets.
An NPM supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause on-chain transactions.
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...
Google releases critical Chrome update patching zero-day CVE-2025-10585, discovered Sept 16, to block active V8 JavaScript ...
Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.
The malware was found in 18 npm packages that together are usually downloaded over 2 billion times per week. But the security ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback