Technology ❯ Software Development ❯ Open Source Software

Package Management

npm Python Packages NPM npm Packages PyPI Vulnerabilities Dependency Management Node.js RubyGems Security Risks

Self-Spreading npm Worm Steals Developer Tokens to Push Malicious Releases

Researchers warn the worm turns stolen publish tokens into fresh releases across npm and PyPI.

OpenAI Rotates Mac Signing Certificates, Sets May 8 Update Deadline After Axios Hack

Axios npm Package Briefly Trojanized After Maintainer Account Takeover

Meta Halts Work With Mercor After Breach Tied to LiteLLM Supply-Chain Attack

Axios npm Package Hijacked to Drop RATs as Google Links Attack to UNC1069

TeamPCP Poisons Telnyx Python SDK on PyPI With WAV‑Hidden Infostealer

TeamPCP Backdoors LiteLLM on PyPI, Forcing Emergency Secret Rotations

Malicious npm 'Lotusbail' Package Steals WhatsApp Data and Plants Persistent Backdoor

Shai-Hulud npm Worm Exposes 25,000+ GitHub Repos Through Trojanized Packages

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

Python Software Foundation Flags Active PyPI Phishing With pypi-mirror.org, Urges Immediate Password Resets

Ruby Central Assumes Temporary Administrative Control of RubyGems and Bundler

Phished npm Maintainer’s Packages Used in Crypto-Clipping Attack as Rapid Takedown Limits Damage

Nx npm Packages Compromised in 'S1ngularity' Attack With Second-Wave Exploitation Emerging

LottieFiles Supply Chain Attack Drains Users' Crypto Wallets