News

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers ...

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node ...

More popular npm packages hijacked to spread malware

Several popular npm packages with millions of weekly downloads were targeted, and one used as a launchpad for malware ...
Ars Technica3mon

AI-generated code could be a disaster for the software supply chain ...

AI-generated computer code is rife with references to non-existent third-party libraries, ... for a total of 576,000 code samples. Of the 2.23 million package references contained in those ...
Threat Post3y

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into ...
Wired2mon

AI Code Hallucinations Increase the Risk of ‘Package Confusion ...

Also known as package confusion, this form of attack was first demonstrated in 2021 in a proof-of-concept exploit that executed counterfeit code on networks belonging to some of the biggest ...
Business Insider3y

Developer Sabotages Code to Protest Corporations - Business Insider

The developer of a pair of widely used open-source code libraries sabotaged them in an apparent act of protest. Each library has been downloaded millions of times and is used in thousands of ...
Business Wire10mon

New MathWorks Hardware Support Package Automates Code Generation From ...

The MathWorks hardware support package automates code generation from MATLAB® and Simulink® models optimized explicitly for Qualcomm Technologies’ Hexagon NPU architecture to improve data ...