North Korean-linked hackers planted malicious code in widely used open-source software in an attempt to steal login ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Malicious code inserted into widely used tool raises concerns over large-scale data theft and cyber vulnerabilities ...
The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...
Mac users have a new malware threat to watch out for. According to a new report by Malwarebytes, Infiniti Stealer ...
After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
Researchers from Sucuri found malicious code hiding in the mu-plugins directory. The malware redirected visitors, served spam, and could even drop malware. The sites were compromised through vulnerable ...
Threat actors have used generative artificial intelligence (GenAI) to write malicious code in the wild to spread an open source remote access Trojan (RAT). It's one of the first observed examples of ...
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before it is added to software projects to curb supply chain attacks. The two ...