News

CryptoNewsZ5h

npm “debug” Attack Fails, Ledger CTO Confirms Minimal Impact

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...
Security Boulevard1h

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
The Hacker News8h

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
Coingape19h

Ledger CTO Warns of Supply Chain Attack, Cautions Against On-Chain Transactions

Ledger CTO cautions that there is an NPM supply chain attack on the rampage. He encouraged users to cease risky on-chain ...
Bleeping Computer3mon

Malware found in NPM packages with 1 million weekly downloads

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after ...