Researchers at Socket have uncovered over 60 malicious packages in the npm registry that covertly harvest data...
npm
Malicious actors have once again targeted the npm ecosystem, this time through a package named “os-info-checker-es6”, which...
Researchers at Socket have uncovered a new attack targeting the macOS version of the popular source code...
Researchers have uncovered a malicious package in the PyPI repository, masquerading as a utility for working with...
Three malicious components have been discovered within the Go programming module ecosystem, capable of triggering complete data...
The threat of software supply chain compromise has resurfaced: the Ripple-recommended library “xrpl.js”, used for...
Experts at Socket have uncovered a new software supply chain attack involving counterfeit npm libraries masquerading as...
Software supply chain attacks are becoming increasingly sophisticated, with malicious actors disguising harmful code as legitimate libraries...