Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload...
Behavior-based threat detection startup Arnica has raised $7 million in a seed funding round led by Joule Ventures and First Rays Venture Partners, with...
Google announces GUAC, an open source tool to help organizations better understand software supply chains by centralizing build, security, and dependency metadata.
Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks.
A cybercrime group named LofyGang has distributed roughly 200 malicious NPM packages that have been downloaded thousands of times over the past year, according...
The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach. The incident was identified...
Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting...
Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and...