Constructive, the company behind open-source Postgres and JavaScript infrastructure with over 100 million open-source ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

The NHS Couch to 5k app is celebrating its 10-year anniversary having reached more than eight million downloads.

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.