More often than not, pulling data from the internet can be a major pain in the behind. It lulls you into a false sense of accomplishment, since downloading a web page is the easy part. But when you ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security researchers.

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...

Web infrastructure giant Cloudflare is seeking to transform the way enterprises deploy AI agents with the open beta release of Dynamic Workers, a new lightweight, isolate-based sandboxing system that ...

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious ...