Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

September 16, 2025

A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week.

BladeOne

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

National cyber ethics module to be rolled out in schools from January 2026

XLoader Malware Analyzed Using ChatGPT’s, Breaks RC4 Encryption Layers in Hours

Chinese Cyber Espionage Surges 150%

Google uncovers malware using LLMs to operate and evade detection

Microsoft Hyper-V harnessed for stealthy, persistent malware compromise

NGate Malware Lets Attackers Withdraw Cash from ATMs Using Stolen Cards

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

The container shipping’s bet on LNG amid geopolitical turbulence

Oil prices will stay above $60/bbl due to geopolitical premium: Rystad Energy

The geopolitical gold rush: How China and Russia’s gold buying challenges U.S. dominance

The Blogs: New York: A geopolitical mirror

Global Markets Mostly Down as Tech Stocks Slip on Valuation Jitters

Gulf Markets Slip As Wall Street Tech Rout Sends Valuations Lower

IPO-bound Pine Labs plans to expand presence in global markets: CEO

WION: Breaking News, Latest News, World, South Asia, India, Pakistan, Bangladesh News & Analysis

Is Marvell Technology Fairly Priced After AI Partnership News and Flat 2025 Performance?

Amazon Music integrates Alexa Plus for AI-based discovery, more: What’s new

Indutrade acquires flow technology company ETS

Emirates invests in innovative facial recognition technology across Dubai International (DXB)

Tanzania’s Post-Election Turmoil Deepens Economic and Social Woes

How wars ravage the environment – and what international law is doing about it

Rajagopal PV’s Blueprint for Another World: Peace

QatarDebate highlights dual role of digital media in conflict resolution at Paris Peace Forum

Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

Google uncovers malware using LLMs to operate and evade detection

Microsoft Hyper-V harnessed for stealthy, persistent malware compromise

NGate Malware Lets Attackers Withdraw Cash from ATMs Using Stolen Cards

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly