A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...

A self-replicating malware is worming its way into open source software components. The malware's name is "Shai-hulud," presumably taking its name from the Dune sandworms, and it's particularly ...

Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...

A new report out today from Fortinet Inc.’s FortiGuard Labs highlights a growing wave of malicious software packages exploiting system vulnerabilities. Based on data collected since November 2024, the ...

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. A security placeholder ...

Supply chain security is rapidly emerging as a material risk for enterprise software buyers. Yet, despite best efforts from regulators to hold software publishers accountable, enterprise buyers ...

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...