Supply chain attacks feel like they're becoming more and more common.

Every developer has a setup ritual before they start their day. Mine went unquestioned for almost two years – they were four terminal commands, typed in the same order every morning. It didn't feel ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

archinstall 4.0 replaces the curses interface with Textual, adds firewall and UKI support, and fundamentally modernizes the ...

Truelist releases 20+ free, open-source SDKs and framework integrations for email validation — Node, Python, React, ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...