Supply chain attacks feel like they're becoming more and more common.

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Microsoft may want to see the Windows 11 backlash as just a desktop problem, but platform erosion on the client side can ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

This role offers hands-on exposure to Smart Energy Metering, IoT systems, Embedded Linux validation, and Microsoft Azure ...

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...