Researchers have identified 108 malicious packages and browser extensions planted across npm, Packagist, Go modules, and the Google Chrome Web Store as part of an ongoing supply chain campaign dubbed
Researchers at JFrog have identified a fresh wave of malicious npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling. The packages — `rollup-packages-po
Supply chain attackers have hijacked at least two npm packages and a cluster of Go modules, repurposing them to silently deploy a Python-based information stealer on developer machines running Windows
Cybersecurity researchers have confirmed a new wave of the Miasma supply chain campaign — linked to the same threat actor behind the Mini Shai-Hulud and Hades malware families — that has [compromised
More than 30 npm packages under Red Hat's `@redhat-cloud-services` namespace were compromised in a confirmed supply-chain attack, [per BleepingComputer](https://www.bleepingcomputer.com/news/security/
A supply chain attack campaign dubbed **Miasma** has compromised dozens of packages published under Red Hat's official `@redhat-cloud-services` npm organization, injecting a credential-stealing, self-
Security researchers at OX Security have [identified a malicious package on the npm registry](https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html) named **`mouse5212-super-fo
This week's dominant story isn't a zero-day in enterprise software — it's developers themselves becoming the attack surface, their tools weaponized before a single line of production code is touched.