News

Security Boulevard14h

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...