News

CoinDesk

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...
SecurityWeek

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
Cryptopolitan on MSN

Is Binance’s customer data, assets at risk after major supply chain attack?

Binance reassures customers after a massive NPM supply chain attack injects malicious code into 18 popular JavaScript ...
XDA Developers on MSN

I made these biggest Docker mistakes and here’s what I learned

Discover the most common and costly Docker mistakes made by developers, and learn how to avoid them for efficient, secure, ...
Security Boulevard

How npm Security Collapsed Thanks To a 2FA Exploit

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...
Securities.io

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...