Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack, Mistral AI; TeamPCP uses stolen OIDC tokens.
Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
White House app secretly tracked users every 4 minutes, sending location data to third parties despite promising government ...
A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of the PyTorch Lightning package from PyPI triggered a hidden credential ...
Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
Prosecutors accused Dr. David Morens, a former adviser to Dr. Anthony S. Fauci, of hiding records related to the onset of the pandemic. By Benjamin Mueller. Dr. David Morens, a former senior adviser to ...
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...
Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive ...