Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...

Homebrew is a free, open-source package manager for Linux and MacOS that simplifies the installation and management of software. Think of Homebrew as a command-line version of the App Store that ...

DuckDB has recently introduced end-to-end interaction with Iceberg REST Catalogs directly within a browser tab, requiring no ...

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer account security remain. GitHub has this week implemented the final part of ...

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. Approximately 640 NPM packages have been infected with a ...

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest credentials from browsers, SSH keys, API tokens, and cloud configuration ...

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in ...

An ongoing npm credential harvesting campaign operating since August 2025 has been discovered by researchers at Koi Security. The malware, dubbed PhantomRaven by the researchers, is actively stealing ...