Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

As Anthropic's Claude Mythos model threatens to upend the vulnerability management ecosystem, security luminaries warn that chief information security officers (CISOs) should start getting ready now.

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

There are sound reasons for optimism that European governments can reduce their military reliance: defense spending is rising, particularly in countries in northern and eastern Europe, and Europe is ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...