Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

JFrog and GitHub link a range of tools and functions to secure code, deployment and supply chain – with Copilot and in ...

The big picture: Software development moves at breakneck speed these days, with developers constantly releasing new features. However, despite their best efforts, security vulnerabilities still manage ...

As modern software development accelerates, so too must the tools that keep code secure. Developers are increasingly expected to integrate security practices directly into their daily workflows -- ...