A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing transactions. "The malicious payload works by silently swapping crypto addresses ...

Traditional methods often involved using trusted services like GitHub or Google Drive to host harmful links, but now, by embedding commands within Ethereum smart contracts, attackers are able to ...

Simple-looking code tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download ...

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on ...

OS: windows non-issue / invalidThis isn't relevant to nvm, or turned out to be something unrelated.This isn't relevant to nvm, or turned out to be something unrelated ...