All news

open-source-security

(3 articles)
npm Supply-Chain Worm Steals Auth Tokens Fast

April 22, 2026

npm Supply-Chain Worm Steals Auth Tokens Fast

A self-spreading npm supply chain attack is stealing developer tokens, API keys, and cloud credentials. See which packages are affected and how to protect yourself.

36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

April 5, 2026

36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

36 rogue npm packages abused Redis and PostgreSQL connections to plant persistent backdoors. Here is what happened and how to protect your supply chain.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

April 3, 2026

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Threat actor UNC1069 targeted an Axios maintainer via social engineering, compromising the npm package in a dangerous supply chain attack.