Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

The smartest way to use AI may not be letting it touch your files, but asking it to write software that handles them safely - ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

On April 29, 2026, security researchers at Theori and Xint Code publicly disclosed CVE-2026-31431, a Linux kernel privilege escalation vulnerability they named Copy Fail. Any unprivileged local user ...

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems. Threat ...

For the past decade, Docker has provided a robust solution for building, shipping, and sharing applications. But behind its simple "build and run" workflow lie many years of complex technical ...

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...

Malware in the Node.js ecosystem is hiding in plain sight. Security researchers uncover npm packages with thousands of installs, delivering remote access trojans, infostealers, or backdoors. The ...