An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Scammers now send unexpected packages with QR codes that redirect victims to fraudulent websites or download malicious ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...

To protect against these scams, individuals are advised not to scan QR codes from unknown or unexpected packages. It is ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Crims have added backdoors to at least 18 npm packages after developer Josh Junon inadvertently authorized a reset of the two ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...