An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

A total of 18 JavaScript packages that have over 2 billion weekly downloads have been injected with malicious code in what is billed as the largest supply chain hack in history. The compromised code ...

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Hackers are sharing malicious SVG files which spoof real-life websites in order to trick victims into downloading damaging items. Cybersecurity researchers VirusTotal spotted the malware after adding ...

Thousands, as it turns out. The Department of Data compiled a list of about 5,700 nonreligious holidays observed in America ...

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.