The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Getting a random package you didn't order used to be either a shipping mistake or a mildly annoying marketing ploy. Now it might be something worse, the FBI has warned in a public service announcement ...

A Bergen County police department is warning the public to be on alert for a nationwide package scam targeting residents' personal information and access to cellphones. The scam involves unsolicited ...

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially ...

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...

Mojang has dropped some huge news for Minecraft Java players - especially those that love to mod. While the modding scene is already thriving in Minecraft, it's not as accessible as you'd expect for ...

Have you ever received an unexpected package in the mail? It may not be a gift – you could be the victim of a brushing scam, according to the United States Postal Inspection Service. A brushing scam ...

The business of delivering packages has gotten more complex amid the latest wave of tariffs, and in some cases, shipping companies such as UPS wind up simply trashing some packages. Shipments may be ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...