Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Bloomberg L.P.

Security Firm Thwarting Nation-State Hackers Valued at $1 Billion

Socket, a cybersecurity startup that sells technology to help safeguard open-source code against hackers, has raised a new round of funding that values the company at $1 billion. Josh Kushner’s Thrive ...
The Hacker News

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 "Early ...