The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

The last time we did this analysis, Buffalo's 14212 came in as the most unstable neighborhood in Western New York. This year, ...

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...

Anti-money-laundering watchdog issues guidance on identifying transactions linked to forced labour or sexual exploitation ...

Fresh concerns have emerged over CBSE’s online portal after a 19-year-old cybersecurity researcher alleged vulnerabilities ...