Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects. Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a ...
A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a ...
Microsoft-owned repository GitHub has responded to recent node package manager (npm) attacks such as the Shai-Hulud ...
CERT-In has issued an advisory warning of Shai-Hulud malware that targets JavaScript’s Node Package Manager (npm) ecosystem ...
In September 2025, we saw a worm-style supply chain attack hit npm packages, a major ransomware incident in Brazil’s healthcare sector, an insider breach at a U.S. bank, and Cloudflare dealing with ...
Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.
GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name.