JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting ...

As developers lean on Copilot and GhostWriter, experts warn of insecure defaults, hallucinated dependencies, and attacks that ...

Bad actors are using GitHub's repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed "GPUGate" that includes new hardware-specific evasion ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages ...

On Tuesday, Anthropic launched a new file creation feature for its Claude AI assistant that enables users to generate Excel ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

On the night of September 9, Tencent released and open-sourced the latest image model 'Hunyuan Image 2.1'. This model boasts industry-leading capabilities and supports native 2K high-definition images ...

According to the latest data from the open-source community, the enterprise-level AI Agent platform MaxKB has garnered widespread attention on GitHub, with its Star count reaching thousands and total ...