News

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Hackers are now exploiting vulnerabilities in widely-used NPM coding libraries to inject malware into Ethereum smart ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
Infosecurity-magazine.com

ATMZOW JS Sniffer Campaign Linked to Hancitor Malware

The same threat actors may be behind both the ATMZOW JS sniffer campaign and the Hancitor malware downloader. The connection was made early this week by threat intelligence analyst Victor Okorokov ...
The Hacker News

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...
Threat Post

Google to Block .js Attachments in Gmail

Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail. Spammers and cybercriminals have revived email-based attacks in the last year, giving new ...