Hackers have compromised the official website of RVTools—a widely used utility for managing VMware virtual infrastructures—and replaced...
Supply Chain Attack
Malicious actors have once again targeted the npm ecosystem, this time through a package named “os-info-checker-es6”, which...
The group known as Earth Ammit, affiliated with Chinese-speaking APT entities, conducted two waves of targeted attacks...
Threat actors uploaded a malicious package to the official PyPI repository, disguised as a legitimate tool for...
Researchers at Socket have uncovered a new attack targeting the macOS version of the popular source code...
Three malicious components have been discovered within the Go programming module ecosystem, capable of triggering complete data...
The threat of software supply chain compromise has resurfaced: the Ripple-recommended library “xrpl.js”, used for...
Experts at Socket have uncovered a new software supply chain attack involving counterfeit npm libraries masquerading as...
The era of AI-powered code generation tools has not only simplified the lives of developers but also...
Software supply chain attacks are becoming increasingly sophisticated, with malicious actors disguising harmful code as legitimate libraries...
While experts were investigating the compromise of the widely used GitHub Action tj-actions/changed-files, it became apparent that...