Microsoft’s open-source shopping spree has claimed another victim: npm. [Nat Friedman], CEO of GitHub (owned by Microsoft), announced the move recently on the GitHub blog. So what motivated the ...

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

A recent supply chain hack has seen malware injected into NPM packages with over 2.6Bn weekly downloads after compromising a maintainer’s account in a phishing attack. The NPM attack is causing a lot ...

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, credential breadth, and fallback destructive behavior, making it one of the most ...

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a preinstall loader that downloads Bun and executes a 10MB obfuscated payload ...

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A self-propagating malware targeting node package managers (npm) is back for a second round ...