Bleeping Computer

Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency

A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, ...
CoinTelegraph

XRP Ledger Foundation spots ‘crypto stealing backdoor’ in code library

The Foundation said an updated software package has already been published to remove the security breach. The XRP Ledger Foundation has identified a “serious vulnerability” in the official JavaScript ...
TechRadar

Ripple cryptocurrency software library hit by major security issue, wallets under threat

A malicious actor used a compromised Ripple dev account to publish commits to NPM The commits would grant access to people's crypto wallets They were downloaded around 450 times before being pulled ...
CoinTelegraph

Hackers are exploiting a JavaScript library to plant crypto drainers

The React team published a fix on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack, to upgrade immediately. There has been a recent ...