After major attack: Package manager NPM cuts old security ties

First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the ...
SiliconANGLE

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
Arabian Post on MSN

North Korea’s “Contagious Interview” Campaign Surges in npm Attack Waves

The Socket Threat Research Team disclosed that attackers uploaded 338 malicious npm modules, collectively downloaded over ...
CoinTelegraph

Largest NPM attack in crypto history stole less than $50: SEAL

Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. ”Picture this: you compromise ...
Decrypt

North Korean Hackers Target Crypto Devs Through Open-Source Software Hub

North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...
CoinDesk

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

A phishing email on Monday took down one of Node.js’s most prolific developers by pushing malicious code into packages downloaded billions of times a week, in what researchers call the largest ...
TheStreet.com

Ledger CTO warns of shocking NPM attacks by crypto hackers

Malicious actors have found a way to hide open-source malware in Ethereum smart contracts, as per a recent report. On Sep. 3, the software security firm ReversingLabs released a report as per which ...
Bleeping Computer

Malware found in NPM packages with 1 million weekly downloads

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences. The malicious code is heavily ...
Gizmodo

Massive Supply Chain Attack Targets Cryptocurrencies Through NPM

A phishing attack aimed at a particular software maintainer’s account has managed to compromise software packages that have over 2.6 billion weekly downloads. BleepingComputer, noting that the ...
CoinTelegraph

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
The Register on MSN

One line of malicious npm code led to massive Postmark email heist

run this code with full permissions,' and let our AI assistants use it hundreds of times a day." In addition to highlighting the security risks inherent to MCP servers, this is also another example of ...