Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...

As supply chain attacks surge and AI lowers the barrier to malware, the cybersecurity unicorn moves security directly onto ...

Bootstrapped by three founders, Osirus brings Chat, Search, Image, Video, Speech, Storage, and a full Agent Studio under one roof - powered by every major AI provider, including AWS Bedrock, Google, ...

See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, ...

The reason everything "works" but doesn't feel right ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...