Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Abstract: Ring Confidential Transaction (RingCT) protocols are widely used in cryptocurrencies to protect user privacy. Consequently, a corresponding digital signature scheme, such as a ring signature ...

Authorship obfuscation is the process of making changes to text such that identifying attributes (style, common words and phrases, tone) are masked. The goal of obfuscation is to retain the semantics ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

A major NPM supply-chain attack has compromised ENS-linked libraries and 490 packages with 132 million monthly downloads, deploying malware that steals developer credentials across crypto platforms. A ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

JavaScript Obfuscator is a powerful free obfuscator for JavaScript, containing a variety of features which provide protection for your source code. It is not recommended to obfuscate vendor scripts ...

If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

Hackers have injected multiple popular NPM packages with crypto-stealing code in a massive supply chain attack after compromising the maintainer’s account in a phishing attack. The attackers targeted ...