Over half of the malware Sonatype discovered in Q1 2025 was designed to exfiltrate sensitive information from infected systems, the company said. Software supply chain security company Sonatype ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...

A new report out today from Fortinet Inc.’s FortiGuard Labs highlights a growing wave of malicious software packages exploiting system vulnerabilities. Based on data collected since November 2024, the ...

Due to automation and a high-reward, low-risk threat environment, open source malware increased 188% year over year in the second quarter of this year. Supply-chain security vendor Sonatype today ...

A malicious campaign targeting developers through npm and GitHub repositories has been uncovered, featuring an unusual method of using Ethereum smart contracts to conceal command-and-control (C2) ...