The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

The post Attackers replaced JDownloader installer downloads with malware appeared first on . If you downloaded the JDownloader installer during the compromise window ( ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.