Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
CoinDesk

Whitehat developer unlocks $2 million stuck in a 2016 Ethereum ICO contract for nine years

A security researcher who goes by 0xflorent worked with the team behind a 2016 Ethereum ICO contract to unlock about $2 million in ether (ETH) that had sat trapped for nine years, in a coordinated ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
Cryptopolitan on MSN

The 5 best Solana APIs and node providers for developers in 2026

Solana’s role in crypto has shifted considerably over the past two years. It was once mostly a high-throughput Ethereum ...