Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

Published on September 8, 2025

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers' accounts in a phishing attack. [...]

Continue reading on website
Other news

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

September 8, 2025
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...]

Sports streaming piracy service with 123M yearly visits shut down

September 8, 2025
​Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...]