Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes started just before 2 a.m. UTC on May 19. By the time most developers on the East Coast had their first coffee, the damage was already done. Socket’s Threat […]
The post npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed appeared first on Live Bitcoin News.
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely used AntV enterprise data visualization tool.
Unlike last week’s high-profile npm attack on TanStack, which exploited a complex GitHub Actions cache poisoning weakness, the latest incident early on May 19 took the more conventional route of compromising the credentials of a high-value npm maintainer account.
According to analysis by SafeDep, the account in question, atool (i@hust.cc), which publishes the timeago.js JavaScript library, had rights to a large catalog of packages, including popular tools such as size-sensor (4.2 million downloads per month), echarts-for-react (3.8 million), @antv/scale (2.2 million), and timeago.js (1.15 million).
This privilege level allowed the attacker to publish at least 637 malicious versions across 317 different npm packages in a single 22-minute burst. This resulted in the compromise of a big chunk
Japan’s ruling LDP approved an “AI + on‑chain finance” plan to reshape the country’s financial system. The policy backs yen‑denominated stablecoins and tokenized bank deposits as core infrastructure. It pushes for tokenizing Bank of Japan accounts and yen stablecoin issuance by major banks from 2027. Japan recently adopted a national blockchain policy on May 19, […]
The post Japan Pushes Bold AI-Blockchain Plan to Transform Finance appeared first on Live Bitcoin News.
Bitcoin has slipped below the 100,000-block mark to its next halving, putting the fifth reward cut on track for around mid-2028 at block 1,050,000 and setting up the first full halving cycle dominated by spot ETFs. According to halving trackers…
Polygon launched a new blockchain system that helps digital banks manage payments, wallets, and compliance through one simple API. Polygon announced a new blockchain platform for digital banks and fintech companies. The company wants to make blockchain services easier for businesses worldwide. So, banks can soon manage payments, wallets, and settlements from a single system. […]
The post Polygon New Open Stack Could Transform How Digital Banks Use Blockchain appeared first on Live Bitcoin News.
This incident underscores the critical need for robust security practices in managing cloud credentials, highlighting potential supply chain vulnerabilities.
The post CISA exposed plaintext passwords and cloud keys on GitHub for six months appeared first on Crypto Briefing.
Faced with the growing volume of submissions to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault.
Over the past year, the cloud-based code repository platform has seen a sharp increase in submissions that don’t demonstrate real security impact, due to newer tools such as generative AI.
“Not every valid submission represents a meaningful security risk. Some reports identify hardening opportunities or documentation gaps,” Jarom Brown, a senior security researcher at GitHub, wrote in a blog post.
On top of that, he said, many of the reports GitHub receives describe out-of-scope scenarios in which someone experiences an “undesirable” outcome after interacting with malicious content in GitHub.
“These reports are often well-written and technically accurate in their observations, but they misunderstand where the security bo
An on-chain wallet linked by Lookonchain to venture capital firm a16z (Andreessen Horowitz) has quietly accumulated 2.11 million HYPE tokens worth approximately $90.87 million since April 14.
Smart Money Bets on Hyperliquid Dip
Blockchain analytics firm Lookonchain flagged that wallet 0xb5E4, whose funding history and transaction patterns have led multiple analysts to associate it with […]
Google's AI advancements could redefine tech industry standards, impacting governance, security, and the integration of AI in blockchain.
The post Google to unveil AI breakthroughs at Google I/O 2026 livestream appeared first on Crypto Briefing.