Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...
"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback