Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

September 16, 2025

A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week.

BladeOne

Fleets overlooking drivers in cyber training face growing risks

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Iranian hackers publish emails allegedly stolen from Kash Patel

Why Cybersecurity Stocks Are Selling Off Today

How a self-taught Vietnamese high schooler built the malware that infected 94,000 computers worldwide

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

This new scam could trick you into downloading malware

This new scam could trick you into downloading malware

EAEU Remains Economic Bloc, Kazakh PM Says Amid Rising Geopolitical Tensions

Shipping Industry Faces Near-Record Public Scrutiny in 2026

NZX 50 Ends Losing Week Amid Geopolitical Strains

Sovereign Satcom Networks Grapple With Data Security Amid Geopolitical Uncertainty

Undiscovered Gems in Global Markets for March 2026

LSEG’s David Schwimmer on activists, AI, and a global market test

Global Market Update | European shares fell amid uncertainty over Mideast war

Gold futures jump Rs 1,997 to Rs 1.41 lakh/10g on global rebound

David Sacks time as Donald Trump’s crypto and AI czar is over; says: Moving forward, I will …

SOUS Raises $4.3 Million to Expand Its AI Platform for Restaurant Visibility, Sales and Customer Engagement |

Russia’s Lavrov Says US Seeking Control of Nord Stream Gas Pipelines

Meta boosts Texas AI data center investment to $10 billion

Quote of the day by Clint Eastwood: ‘A war is a horrible thing, but it’s also a…’ – lessons on war, unit

Quote of the day by Clint Eastwood: ‘A war is a horrible thing, but it’s also a…’ – lessons on war, unit

Global conflict pressures food and fuel prices

Federal Reserve Official Says Economic Uncertainty Deepening Amid Global Conflicts

Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

How a self-taught Vietnamese high schooler built the malware that infected 94,000 computers worldwide

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

Quote of the day by Clint Eastwood: ‘A war is a horrible thing, but it’s also a…’ – lessons on war, unit

Quote of the day by Clint Eastwood: ‘A war is a horrible thing, but it’s also a…’ – lessons on war, unit