3 |
Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages |
2025-01-03 |
4 |
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and |
2025-01-08 |
3 |
Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems |
2025-01-04 |
2 |
Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar |
2025-01-13 |
2 |
pnpm 10.0.0 Blocks Lifecycle Scripts by Default |
2025-01-10 |
2 |
Socket Now Supports uv.lock Files |
2025-01-09 |
2 |
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With |
2025-01-07 |
2 |
The Cyber Security Council Podcast: Securing Modern Applications in A |
2025-01-06 |
40 |
Curl Project and Go Security Teams Reject CVSS as Broken |
2025-01-24 |
4 |
Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support |
2025-01-22 |
17 |
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For |
2025-02-04 |
7 |
North Korean APT Lazarus Targets Developers with Malicious NPM Package |
2025-01-30 |
4 |
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy |
2025-01-28 |
3 |
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing |
2025-01-20 |
3 |
PyPI's New Archival Feature Closes a Major Security Gap |
2025-01-30 |
3 |
Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by Security Experts |
2025-01-24 |
3 |
Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft |
2025-01-16 |
2 |
Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL |
2025-01-31 |
2 |
Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven |
2025-01-22 |
2 |
UK Officials Consider Banning Ransomware Payments from Public Entities |
2025-01-16 |
2 |
38% of CISOs Fear They're Not Moving Fast Enough on AI |
2025-02-04 |
8 |
PyPI Now Supports iOS and Android Wheels for Mobile Python Development |
2025-02-12 |
6 |
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not |
2025-02-07 |
7 |
TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars |
2025-02-20 |
6 |
React Team Updates CRA Migration Guidance After Community Pushback |
2025-02-19 |
6 |
Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility |
2025-02-20 |
3 |
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy |
2025-02-26 |
3 |
Create React App Officially Deprecated Amid React 19 Compatibility Issues |
2025-02-11 |
3 |
Maven Central Adds Sigstore Signature Validation |
2025-02-06 |
1 |
Oracle Drags Its Feet in the JavaScript Trademark Dispute |
2025-02-07 |
11 |
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS |
2025-03-04 |
9 |
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing |
2025-03-06 |
4 |
New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through |
2025-03-05 |
4 |
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two |
2025-03-04 |
3 |
Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly Theft |
2025-03-14 |
3 |
The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source |
2025-03-10 |
3 |
OpenSSF Launches Open Source Project Security Baseline to Strengthen Software |
2025-02-28 |
2 |
Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug |
2025-03-12 |
2 |
Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For |
2025-03-07 |
2 |
Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type |
2025-02-28 |