Bleeping Computer

Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency

A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, ...
Bleeping Computer

Old JavaScript Crypto Flaw Puts Bitcoin Funds at Risk

Security researchers are warning that old Bitcoin addresses generated in the browser or through JavaScript-based wallet apps might be affected by a cryptographic flaw that allows attackers to ...
Yahoo Finance

Largest supply chain attack in history targets crypto users through compromised JavaScript packages

A new cyberattack is silently targeting crypto from users during transactions amid an incident that security researchers describe as the largest supply chain attack in history. BleepingComputer ...
Hosted on MSN

Ripple cryptocurrency software library hit by major security issue, wallets under threat

A malicious actor used a compromised Ripple dev account to publish commits to NPM The commits would grant access to people's crypto wallets They were downloaded around 450 times before being pulled ...

Exclusive: 'We will see more attacks' Ledger CTO warns after NPM breach

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.
Yahoo Finance

Virtru Announces First Ever FIPS 140-2 Validated JavaScript Cryptographic Module

WASHINGTON, March 30, 2023 (GLOBE NEWSWIRE) -- Virtru, the recognized leader in data-centric security and privacy, today announced it achieved FIPS 140-2 validation for its JavaScript cryptographic ...
CSOonline

Critical flaw in OpenPGP.js raises alarms for encrypted email services

A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely signed and encrypted, security ...