TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...
A serious security breach has sent shockwaves through both everyday online services and the cryptocurrency world. At the center is ...
Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...
Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor ...
The malware authors behind the npm worm Shai-Hulud have released the source code. Now the first clones are appearing.
The US government has issued new guidance for developers designed to improve the security of the software supply chain, and in so doing make the nation’s critical infrastructure more resilient. The ...