A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions of downloads are affected.

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection limited losses to under $500 despite billions of potential exposures.

GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

Hackers poisoned JavaScript packages with crypto-stealing malware. The large scale attack exposes a DeFi weak point. The ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place ...

When a clickjack attack managed to hijack a passkey authentication ceremony, were password managers really to blame? ZDNET's investigation reveals a more complicated answer.

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...