Threat Post

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Security Boulevard

Vibe Coding vs. SBOM: One Builds Fast. The Other Tells You What You Just Built

Explore the clash between "Vibe Coding" and modern software governance. Learn why high-speed AI generation demands stronger ...
GeekWire

GitHub adds Package Registry, which allows GitHub users to publish software packages alongside source code

GitHub is expanding the scope of its code repository to include support for publishing software packages, the company annoucned Friday afternoon. After teasing an announcement all week on Twitter, ...