Typosquatted npm Packages Steal Cloud and CI/CD Secrets
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers acti...
20 articles
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers acti...
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Ka...
A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication token...
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a po...
Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But op...
IBM and Red Hat launch $5 billion effort to secure open-source software supply chains.
Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.
Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. The post IBM and Red Hat Commit $5 Billion to Secure Ope...
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Contin...
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious paylo...
For decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders.
CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that help...
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels a...
Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets...
A newly uncovered zero-click attack targets iPhone users running iOS 16, allowing threat actors to hijack WhatsApp accounts without any user interaction, vis...
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recent...
View CSAF Summary An update is available that resolves a vulnerability identified by B&Rs internal security analysis in the product versions listed as affect...
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy...
For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passke...