Threat Post

Discord-Stealing Malware Invades npm Packages

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
Bleeping Computer

Target's dev server offline after hackers claim to steal source code

Update, Jan 13th, 2026: Multiple Target employees have now confirmed in our follow-up report the authenticity of leaked source code sample set and shared internal announcements regarding an access ...
Technobezz on MSN

AWS fixed a critical CodeBuild flaw that exposed GitHub repositories

AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS Management Console..