Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, creating API impersonation and payment abuse risks.
Red Hat subsidiary today launched an initiative called Project Lightwell to improve the security of open-source projects.
On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...
Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
Hackers secretly targeted crypto and AI developers using TrapDoor malware, stealing wallets, credentials, SSH keys, and sensitive company network access data.
Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...
Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...
Supply chain protection firm Socket has raised $60 million in Series C funding for product development and team expansion.