Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — and the controls that close it.

The price of oil rose Monday, as a U.S. blockade of Iran’s ports and coastal areas came into effect and President Donald Trump threatened to eliminate any Iranian “fast attack ships” that approached ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...