News

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today ...
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub ...
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
GitHub CEO Thomas Dohmke has stated in a personal blog that the most advanced developers have "moved from writing code to ...
ArmorCode, the leading AI-powered Application Security Posture Management (ASPM) platform trusted by over 215,000 practitioners, today at Black Hat USA 2025 announced significant application security ...
Malicious code lurking in over 5,000 downloads, says Socket researcher. Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and ...
Gaming kit maker Endgame Gear has confirmed it was the victim of a supply chain attack which saw unidentified threat actors ...
Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.
The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
The widespread Model Context Protocol opens up a large number of points of attack on users' systems. Docker has published an ...