Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

Change your passwords if you were affected.

Discover Avast’s free version. Get full details on its key features, how it protects your device, how to safely install it, ...

Android Intrusion Logging stores encrypted forensic logs for 12 months, helping experts investigate spyware attacks on ...

OpenAI is forcing Mac users to update ChatGPT and other desktop apps soon, after a supply chain attack exposed signing ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...