Hackers are now exploiting vulnerabilities in widely-used NPM coding libraries to inject malware into Ethereum smart contracts, according to cybersecurity research by blockchain compliance firm ...

ReversingLabs discovered two NPM packages, colortoolsv2 and mimelib2, using Ethereum smart contracts to download malware.

Traditional methods often involved using trusted services like GitHub or Google Drive to host harmful links, but now, by embedding commands within Ethereum smart contracts, attackers are able to ...

The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...

Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub ...

Simple-looking code tapped Ethereum’s blockchain to fetch hidden URLs that directed compromised systems to download ...

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

Ethereum smart contracts are being used to download malware via poisoned NPM packages, something Binance has linked to DPRK ...

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...