npm Packages Pack Infostealers & DDoS Bots [Alert]
The open-source code for malware is becoming a dangerous playground for attackers. Researchers just found four new npm packages peddling everything from data-stealing worms to potent DDoS bots.
A catastrophic lapse in cybersecurity hygiene — a forgotten Microsoft Teams recording — has landed two brothers in hot water. Their vengeful digital rampage was inadvertently documented, painting a clear picture for prosecutors.
The npm ecosystem just took another hit. The widely used node-ipc package has been compromised, actively stealing sensitive developer credentials.
The open-source world just got a little murkier. Attackers are now weaponizing RubyGems, turning widely used code repositories into elaborate data dead drops.
A wave of malicious packages has forced RubyGems.org, the central repository for Ruby libraries, to shut down new account registrations. This move highlights ongoing supply chain vulnerabilities that threaten developer workflows.
Just when you thought CI/CD pipelines were safe, Checkmarx’s Jenkins plugin gets roped into a supply-chain attack. TeamPCP strikes again.
Just weeks after a supply chain attack that snaked through Bitwarden, TeamPCP is back, this time hijacking Checkmarx's own Jenkins plugin. It’s deja vu, and not the fun kind.
The cybersecurity world is reeling as RansomHouse, a known ransomware-as-a-service provider, claims a major breach of Trellix. The target: source code repositories.
Did you download JDownloader in early May 2026? You might have installed more than just a download manager. The popular tool's website was hijacked, pushing malware straight from the source.
North Korea's ScarCruft APT has launched a sophisticated supply-chain attack, compromising a popular gaming platform to spy on ethnic Koreans in China. This isn't just about stolen accounts; it's a digital Trojan horse.
Linux developers, watch your backs. A new stealthy malware, dubbed Quasar Linux (QLNX), is slithering into development environments. This isn't your grandpa's virus; it's a sophisticated implant designed for long-term infiltration and credential theft.
Imagine your trusted digital toolkit suddenly becoming a Trojan horse. That's precisely the terrifying reality for thousands using DAEMON Tools, thanks to a sophisticated supply chain attack.