CoinDesk

Lighter DEX launches LIT token with 25% airdrop

Perpetuals-focused Ethereum-based Layer 2 decentralized exchange (DEX) Lighter has announced the debut of its native cryptocurrency, the Lighter Infrastructure Token (LIT), to align traders, builders, ...
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially ...
Engadget

GoPro's Lit Hero is an entry-level action cam with a built-in light

Along with its new 360 Pro 2 Max camera, GoPro has introduced the Lit Hero — a new compact action cam that looks like its entry-level Hero with a built-in LED light. That, along with improved image ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
Business Wire

VISIUM, Formerly Lit Thinking, Opens ‘Visium UltraLabs’ Research Facility to Pioneer Next-Generation Infection Prevention Technology

WEST PALM BEACH, Fla.--(BUSINESS WIRE)--VISIUM, a leading innovator in Far-UVC technology, today announced its official rebrand from Lit Thinking and the grand opening of its new 5,000 sq. ft.
cryptopolitan

Supply chain npm attack only stole $500 in meme tokens so far

The supply chain attack through npm packages stole just $497 within the first hours, reaching only obscure meme tokens. The attack mostly affected MetaMask users, relying on luck to drain a larger ...
blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
cryptonews

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...
Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.