Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
SINGAPORE, May 24 — A multidisciplinary team from the National Neuroscience Institute (NNI) and Tan Tock ...
A Red Hat subsidiary today launched an initiative called Project Lightwell to improve the security of open-source projects.
Hackers secretly targeted crypto and AI developers using TrapDoor malware, stealing wallets, credentials, SSH keys, and sensitive company network access data.
Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...
Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".
Hackers rewrote all Git tags across four Laravel-Lang packages, poisoning over 700 historical versions with backdoors.
CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...
On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...