What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack ...

Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD ...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Mythos and GPT-5.5 add to cybersecurity worries that OpenAI and Anthropic had already sparked with AI coding's popularity.

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...

Origin Code is bringing a new configuration to its Vortex DDR5 lineup at Computex 2026, and the headliner this time is a 48GB ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with ...

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...