News

Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into ...
npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...
Bitchat is a reminder that vibe coding is powerful, but don’t take security for granted.
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
In addition, JFrog is launching a runtime security solution, as well as an integration with Nvidia's NIM microservices.
GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and ...
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encoded SSH keys taken from developer systems. These ...
The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.
Increasing reliance on open-source repositories calls for much higher-level vigilance to counter deceptive tactics.
Last Friday GitHub saw a supply chain attack hidden in a popular GitHub Action. To understand this, we have to quickly cover Continuous Integration (CI) and GitHub Actions.