Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

The NHS Couch to 5k app is celebrating its 10-year anniversary having reached more than eight million downloads.

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Constructive, the company behind open-source Postgres and JavaScript infrastructure with over 100 million open-source ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...