Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Here's a look at the news highlights from Asean countries in the Star-AseanPlus section for Thursday (July 2, 2026) ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
New benchmarks show semantic code graphs helping coding agents find change locations faster and complete updates more ...
Belgian cybersecurity company Aikido Security NV today announced that it has acquired Root.io Inc., a company that offers ...
Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts, helping organizations govern software consumption ...
At the Open Source in Finance Forum, FINOS, the financial services arm of the Linux Foundation, announced its intent to form an Open Source Enterprise Resiliency Alliance (OSERA), a global, ...
Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
German energy giant EWE AG has cut its Java licensing bill by 60% after migrating from Oracle to Azul Core. The move ...
Explore the leading application security tools of 2026 designed for enterprises. Understand their features, pricing models, and integration guidance for Indian and APAC businesses to enhance cyber ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...