Huge NPM Supply-Chain Attack Goes Out With WhimperThreat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads. September 9, 2025
