JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
PCMag on MSN

Hacker Pwns Programmer, Infects Widely Used Software With Malware

The malware was found in 18 npm packages that together are usually downloaded over 2 billion times per week. But the security ...
Ars Technica

How easy is it to hack JavaScript in a browser?

If its done in Javascript, it becomes trivial to short circuit the timer or just enable the continue button with a click of a bookmarklet so you do not have to wait. The same concept applies when ...

Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief technology officer has raised the alarm after discovering that several popular ...
The Hacker News

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google releases critical Chrome update patching zero-day CVE-2025-10585, discovered Sept 16, to block active V8 JavaScript ...
DL News

Huge malware attack targeting crypto exposes DeFi’s Achilles heel

Hackers poisoned JavaScript packages with crypto-stealing malware. The large scale attack exposes a DeFi weak point. The ...
Crypto on The Street on MSN

Ledger CTO warns crypto users after major JavaScript account hack

Charles Guillemet says a phishing led supply-chain breach could have become a systemic disaster for crypto users.