Crypto exchanges provide developers with APIs to connect with their trading engine and data feeds. The APIs cover a dozen ...

A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...

Solana’s role in crypto has shifted considerably over the past two years. It was once mostly a high-throughput Ethereum ...

A Binance legal document disclosed a revenue-sharing agreement with Alpaca, which includes sharing 50% of the stock custodian’s order flow revenue with the cryptocurrency exchange. Binance disclosed a ...

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

MEXC Futures M-Day is a promotional futures event in which customers trade USDT-M or Coin-M futures for a chance to win ...

The company clarified that only 1% of users were affected and pledged full reimbursement. Meanwhile, a massive supply chain hack targeting JavaScript libraries downloaded over a billion times, but ...