Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Anthropic’s Claude Code tool accidentally exposed roughly 512,000 lines of proprietary TypeScript through a packaging mistake ...

Application security company Veracode has acquired malicious package analysis, detection, and mitigation technology from software supply chain security startup Phylum, along with some staff who worked ...

Supply chain security is rapidly emerging as a material risk for enterprise software buyers. Yet, despite best efforts from regulators to hold software publishers accountable, enterprise buyers ...

A self-replicating malware is worming its way into open source software components. The malware's name is "Shai-hulud," presumably taking its name from the Dune sandworms, and it's particularly ...

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder ...