News

Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said ...
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI ...
“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter ...
Trends in open-source software supply chain attacks – ones that exploit the public platforms developers rely on for software development – have changed quite a bit in recent years. While the number of ...
Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls ...
A single typo could let hackers hijack your system using malware hidden in fake packages Cross-platform malware now fools ...
JFrog uses its Xray component to scan containerised NVIDIA AI models, including NIM containers, for known vulnerabilities, ...
Cybersecurity researchers Aikido Security recently discovered malicious code buried very deep in 17 popular Gluestack ...
Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.
Kaspersky has reported a sharp rise in malicious open-source packages as supply chain threats grow, writes Sheryl Goldstuck.