A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

A significant security incident involving the widely used npm package “eslint-config-prettier” has been uncovered. The package, downloaded more than 3.5 billion times, was compromised on July 18 after ...

Sonatype Security Research has identified two malicious npm packages — sbx-mask and touch-adv — that appear to result from a compromised maintainer account rather than intentional malicious creation.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

A targeted supply chain attack involving the widely used npm package @lottiefiles/lottie-player has been uncovered, highlighting vulnerabilities in software ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...