In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

MESCIUS USA Inc., a global provider of award-winning enterprise software development tools, is pleased to announce the Wijmo 2026 v1 release. The first major release of 2026 yields major accessibility ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

Recordly is a desktop app for recording and editing screen captures with motion-driven presentation tools built in. Recordly has emerged as one of the most compelling free alternatives to paid tools ...

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...