The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, ...

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub ...

Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run ...

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that ...

In contrast, colortoolsv2 and mimelib2 leveraged Ethereum smart contracts to store and deliver the URLs used for fetching the ...

Ethereum smart contracts are being used to download malware via poisoned NPM packages, something Binance has linked to DPRK ...

Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.

The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...

Unsecured platforms can be susceptible to malicious actors inserting harmful packages to exploit unsuspecting users.

A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants ...