Web3 founder Akshit Ostwal lost $20K to North Korea's BeaverTail malware in a sophisticated crypto scam targeting developers.

Celebrate '26 by helping us reach our New Year's goal before Jan. 16: join as an associate member today. You will help the FSF remain strong and independent to empower technology users everywhere.

Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...

Homebrew is a free, open-source package manager for Linux and MacOS that simplifies the installation and management of software. Think of Homebrew as a command-line version of the App Store that ...

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...

A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...

As a worm spread through hundreds of npm packages in 2025, it didn't exploit a vulnerability – it exploited the architecture.

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

Security topics take the top spots by a clear margin: in software development, it's supply chain incidents that make life ...

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain compromise rather than traditional endpoint infection, using trojanized ...

North Korean hackers continue to poison npm packages with malicious JavaScript libraries targeting developers in the ongoing Contagious Interview campaign. One month after October 10, 2025, the ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...