The Register on MSN

GitHub moves to tighten npm security amid phishing, malware plague

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets.

Patch now! Attackers exploit Chrome security vulnerability in JavaScript engine

The developers have fixed several vulnerabilities in the current version of the Chrome web browser. Attacks are already occurring.