Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Ledger CTO cautions users to halt crypto transactions due to a mass NPM attack that hijacks wallets and loots money.

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

网络安全公司Aikido ...

A：这是迄今为止最大规模的npm供应链攻击事件，攻击者向18个热门软件包注入恶意代码，这些软件包的总下载量超过26亿次/周。其中包括chalk（3亿次/周）、debug（3.58亿次/周）和ansi-styles（3.7亿次/周）等广泛使用的开发者工 ...

Npm packages are reusable blocks of JavaScript code published to the Node Package Manager registry that developers can ...

Hackers hijacked popular web code to steal crypto. Users must check every wallet transaction to avoid losing funds.

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

网络安全领域再起波澜，全球最大的Javascript包管理器npm遭遇重大安全事件。据网络安全机构Aikido Security披露，黑客通过精心设计的钓鱼攻击，成功入侵多名知名开发者账户，并在高频使用的软件包中植入恶意代码，引发业界广泛关注。

据介绍，黑客通过钓鱼邮件入侵知名开发者 Josh Junon（用户名 qix）等人的账户，在至少 18 个高频下载包中注入恶意代码，这 18 个受影响的包周下载总量达 26 亿次。 qix 表示，他收到的钓鱼邮件来自 support@ ...