Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...

Support our Mission. We independently test each product we recommend. When you buy through our links, we may earn a commission. Any smart business knows what business it’s in. Shot Scope, along with ...

When Canada’s prudential regulator, OFSI, released Guideline B 15 on climate risk, much of the industry conversation centred on governance, disclosure templates and model risk. But behind the ...

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...