North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could ...
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node ...
Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.
Unknown attackers compromised Injective Labs' GitHub repo to publish npm package 1.20.21, which steals wallet private keys ...
To defend against slopsquatting, proactive trust verification must occur before any dependency lands in a developer's hands.
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
A recent report from cloud security firm Sysdig details the capabilities of JadePuffer, which it says is the first ransomware ...
Adobe’s rapid web-application development platform, Adobe ColdFusion, received a patch earlier this month that fixes several exploits, including CVE-2026-48282. However, users need to ensure they ...