The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, ...

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...

Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

In contrast, colortoolsv2 and mimelib2 leveraged Ethereum smart contracts to store and deliver the URLs used for fetching the ...

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that ...

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.

Ethereum smart contracts are being used to download malware via poisoned NPM packages, something Binance has linked to DPRK ...

ReversingLabs discovered two NPM packages, colortoolsv2 and mimelib2, using Ethereum smart contracts to download malware.

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...