A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...
Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a supply-chain attack on a popular open-source JavaScript toolkit called ...
The attack has raised significant concerns about the security of open-source software repositories, particularly those that house libraries and packages relied upon by millions of applications ...
Apple has backported patches for iOS 15 and 16 devices just this week, with iOS 15.8.7 and iOS 16.7.15 released to address the kernel and WebKit vulnerabilities associated with Coruna for devices that ...
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
North Korean state-sponsored hackers have stepped up their cyberattacks, using the open-source NPM ecosystem to spread harmful packages. The “Contagious Interview” operation is behind these ...
Three China-linked cyber espionage groups have been implicated in a major hacking campaign that has compromised a wide range of organisations globally, including multiple US government agencies. The ...