Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
To defend against slopsquatting, proactive trust verification must occur before any dependency lands in a developer's hands.
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
The researchers have discovered 8 repositories with critical misconfigurations that could lead to supply chain compromise ...
The Swift Package Index (SPI), a search engine for open source packages for the Swift programming language, is now part of Apple, though it will remain open source. Dave Verwer, who created SPI over ...
The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public repository. When tested, the key returned a quota exhaustion error, indicating ...
Automox, the cloud-native Autonomous Endpoint Management (AEM) platform, today released Automox MCP Server 2.2, adding interactive review surfaces, first-class Patch by Severity policy creation, and ...
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
Vienna, Austria, June 25, 2026 — digna, the European data quality and observability platform, today announced the release of digna 2026.06, introducing a new Python SDK and Docker deployment support ...