Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.
The aim is to infect the systems of developers who rely on these registries for their code. To hide their malicious intent, ...
One of them will snoop around on your machine and steal your credentials. An ongoing typosquatting campaign is targeting ...
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
Contagious Interview refers to a yearlong campaign undertaken by the Democratic People's Republic of Korea (DPRK) that ...
Cybersecurity researchers from Phylum have warned a threat actor has uploaded hundreds of malicious packages to the open source package repository npm. The packages are typosquatted versions of ...
Well-known open-source node package manager (NPM) registries are the target of massive attacks with malicious packages. These ...
Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) ...
This week, Metawin hacks, LottieFiles attack, hackers used Ethereum smart contracts to target npm developers, Craig Wright ...
Popular JavaScript library and npm package Lottie Player was compromised in a supply chain attack with threat actors ...
At least one individual has lost 10 BTC after unknowingly signing a phishing transaction linked to the breach.