News

SecurityWeek

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
Security Boulevard

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
The Hacker News

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in 2024 targeted npm, with the remainder linked to PyPI.
Crypto Briefing

Ledger CTO urges users to check crypto onchain transactions amid supply chain attack

Ledger CTO urged hardware wallet users to verify every transaction amid a large-scale supply chain attack. Analysts warned ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Ars Technica

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' ...