Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.

Threat actors are abusing legitimate NPM infrastructure in a new phishing campaign that breaks from the typical supply chain attack pattern.

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a ...

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain.

More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of ...