Aldi is the latest major retail chain to announce an Australian renewable energy installation arm, joining other giants ...

A newly discovered malware dubbed ModStealer is targeting cryptocurrency users across macOS, Windows, and Linux, according to security firm Mosyle. The ...

The FBI is sounding the alarm on a new scam straight from the "what could possibly go wrong?" file: unsolicited packages containing only a mysterious QR code. Once just an easy way to check menus or ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Koi Security Inc., a startup providing cybersecurity for enterprise endpoints, announced Wednesday it raised $48 million in ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

Scammers now send unexpected packages with QR codes that redirect victims to fraudulent websites or download malicious ...

"debug" package attack failed; malicious update detected early, minimal impact. Developers urged to check their installations ...

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...