News
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain crypto wallets.
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of victims.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback