Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...