Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

CME’s bitcoin BTC $63,679.32 volatility index futures began trading last week, offering investors a new way to trade and hedge price volatility. DV Chain and Monarq Asset Management executed the first ...

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Project launches its Cross-Chain API supporting 25+ blockchains after beta processed $230M in bridged volume with 99.97% ...

Solana’s role in crypto has shifted considerably over the past two years. It was once mostly a high-throughput Ethereum ...

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

Crossmint launched a Visa powered API that lets developers enable AI agents to make card payments with tokenized credentials.

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool.

Add Decrypt as your preferred source to see more of our stories on Google. A malicious Hugging Face repository impersonating OpenAI's Privacy Filter model reached #1 ...

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...