Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Hackers are sharing malicious SVG files which spoof real-life websites in order to trick victims into downloading damaging items. Cybersecurity researchers VirusTotal spotted the malware after adding ...

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container ...

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting ...

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.

A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep flaws in the open-source trust model. A massive supply chain attack ...

Download now Essential Studio 2025 Volume 3 includes many new features and enhancements for web, desktop, and mobile developers in addition to these. Current subscribers can download the new version ...