Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

Open source repositories are critical to running and writing modern applications, but beware — carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures.

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...

SAN FRANCISCO--(BUSINESS WIRE)--Algolia, the leading API Platform for Search & Discovery, today revealed the most sophisticated search engine to date for open-source packages with Openbase, a platform ...

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential orchestration layer for the AI-first cloud.

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...