After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
A coordinated campaign targeting software developers with job-themed lures is using malicious repositories posing as legitimate Next.js projects and technical assessment materials, including ...
Attackers are targeting developers with malicious Next.js repositories to perform remote code execution (RCE) and establish a persistent command-and-control (C2) channel on infected machines in a ...
Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. is ...
Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
Security researchers have warned that the open source ecosystem has become a “structural risk,” after revealing another surge in malicious packages last year. Sonatype said in its 2026 State of the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results