New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Crypto News

DeFi Losses Surpass $600M as Kelp DAO Exploit Pushes TVL to One-Year Low

The Kelp DAO exploit on April 18, 2026, in which attackers minted 116,500 unbacked rsETH by poisoning a single LayerZero ...
Cryptopolitan on MSN

Litecoin faced a bug in MWEB that let invalid transactions pass on outdated nodes

A disruption on Litecoin briefly rattled the network on Saturday. A bug in its MimbleWimble Extension Block (MWEB) execution allowed invalid transactions to slip through outdated mining nodes. The ...
Crypto Briefing

LayerZero says North Korean Lazarus Group behind $292M Kelp DAO attack

LayerZero links $292M KelpDAO exploit to N. Korea's Lazarus Group; $2B in crypto thefts highlight new DeFi infrastructure ...