Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply…
Browsing: Package
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published…
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting…
The Bitwarden command-line interface (CLI) NPM package was compromised in a supply chain attack that appears tied to previous campaigns…
Updated with further information from Bitwarden. The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to…
Malicious versions of the highly popular Axios NPM library were distributed to millions in a fresh supply chain attack blamed…
Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no…
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden…
TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx…
Developers install external libraries with a single command, and that step can introduce more code than expected into a project…
