Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...
Patch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be ...
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...
Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.
A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Cybersecurity experts have reported a coordinated attack involving 108 Google Chrome extensions that steal user data and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results