On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

On her first school day following the summer break, Klara Ptak almost forgot her phone at home — perhaps the clearest sign ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to ...

Now Manoj is a bit of a celebrity: She was just named “Kid of the Year” by Time magazine. She also received an honorable ...

A JavaScript supply chain attack has delivered a crypto-clipper via 18 npm packages; Ledger’s CTO has warned ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

Ledger's CTO Charles Guillemet warned of a large-scale supply chain attack, potentially stealing crypto from common software ...