Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub repositories, risking widespread supply chain compromise.

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

Discover the top 12 tools in 2026, from Cursor to Copilot, to speed up daily dev workflows and build apps faster!

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...