Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

September 16, 2025

A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week.

BladeOne

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Cyber Service Academy scholarship applications open to Davenport University students

CISA tells agencies to identify, upgrade unsupported edge devices

Navigating Data & Cyber Protection Trends: AvePoint CSMO Mario Carvajal, Live at Nasdaq

Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

Beacon Mutual hit by ransomware attack

Securonix Threat Research Spotlighted for Discovery of Advanced DEAD#VAX Malware Campaign

Windows targeted by advanced multistage Dead#Vax malware campaign

CEALS & CBL Present – Chinese Investment in the United States: Market Entry and Compliance in an Era of Rising Geopolitical Tensions – UC...

Starlink targeted in geopolitical conflicts

Starlink targeted in geopolitical conflicts

Between Social Revolt and Geopolitical Crisis: Who Will Decide Iran’s Future?

Hong Kong stocks drop 2% as tech, global markets slide

Palm Oil Prices Slip As Global Markets Turn Risk-Off

Stocks tumble as AI rout deepens, silver hammered

Big Tech’s AI Spending Jitters Rattle Global Markets

Stock market today: Dow, S&P 500, Nasdaq futures plummet as Amazon’s earnings flop set to deepen tech rout

BBC.com is expanding its tech coverage

Mercy Care hosts free Tech Workshop for adults

INVESTIGATES: AI road scanning company pitches pothole detection technology to Jacksonville

Pep Guardiola Says Global Conflicts ‘Hurt’ Him in Emotional Press Conference

Chad: Africa’s refugee haven struggles with its own stark challenges

‘Human rights cannot wait’: Türk launches $400 million appeal for 2026

Conflicts And Vaccine Hesitancy Undermine Global Immunization Efforts

Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

Hong Kong stocks drop 2% as tech, global markets slide

Palm Oil Prices Slip As Global Markets Turn Risk-Off