October 4, 2023
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.
October 2, 2023
Nearly 90% of companies report they have detected a security issue in their software supply chain in the last 12 months.
September 1, 2023
Three newly discovered malicious Python packages posted to the Python Package Index (PyPI) are now believed to be part of the VMConnect campaign and have also been tied to the North Korean Lazarus Group.
August 31, 2023
North Korean state-sponsored hackers have uploaded malicious packages to the PyPI (Python Package Index) repository
August 25, 2023
Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website
August 25, 2023
Malicious npm packages target Roblox devs