News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Crypto on The Street on MSN

Ledger CTO warns crypto users after major JavaScript account hack

Charles Guillemet says a phishing led supply-chain breach could have become a systemic disaster for crypto users.
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Decrypt

'Widespread' Crypto Exploit That Created Panic Steals Only $1K From Users

A major JavaScript supply chain attack targeting crypto wallets through compromised GitHub packages has stolen only $1,043.

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the ...
Twinfinite

Blue Lock Rivals Codes (September 2025)

Codes are the best way to get spins in BLR (Blue Lock Rivals) for free. Just by redeeming them every update, you’ll have enough regular and lucky spins to get all the meta Flows and Styles. To ...
Hackaday

This Week In Security: NPM, Kerbroasting, And The Rest Of The Story

Two billion downloads per week. That’s the download totals for the NPM packages compromised in a supply-chain attack this ...