Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Beach Day API, a developer-first REST API powered by VersusMedia, today announced the launch of its real-time beach and ocean ...
NPM has announced new version (v12) of the npm package manager in a bid to prevent software supply chain attacks. In a blog post published on June 9, a team of npm developers at Microsoft-owned GitHub ...
Every Python developer knows some or all of these libraries, because they’re stable, reliable, and excellent at what they do.
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four ...
Malicious samples are available under the samples/ folder and compressed as an encrypted ZIP file with the password infected. The date indicated as part of the file name is the discovery date, not ...
Google has released A2UI v0.9, a framework-agnostic standard for AI agents to declare user interface intent across multiple ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. The campaign, discovered by Aikido Security, includes plugins that act as AI coding ...
Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...