Technology ❯ Software Development

Package Management

npm NPM Node Package Manager Python Dependency Management npm Packages Updates Linux Package Management Node.js Python Package Index

Bitwarden CLI Briefly Backdoored in npm Supply-Chain Attack

Researchers tie the breach to a wider campaign that hijacks CI pipelines to steal tokens.

Stories older than 24h

OpenAI Requires macOS App Updates After Axios Supply-Chain Compromise

Axios npm Package Briefly Trojanized After Maintainer Account Takeover

Axios npm Package Hijacked to Drop RATs as Google Links Attack to UNC1069

LiteLLM Supply-Chain Breach Put Backdoored PyPI Releases in Developers’ Workflows

TeamPCP Poisons Telnyx Python SDK on PyPI With WAV‑Hidden Infostealer

TeamPCP Supply-Chain Attacks Hit First 48-Hour Lull as Focus Turns to Monetization

TeamPCP Backdoors LiteLLM on PyPI, Forcing Emergency Secret Rotations

Researchers Link Iran-Targeted ‘CanisterWorm’ to Trivy Supply-Chain Breach

Trivy Supply-Chain Attack Poisons GitHub Action Tags to Steal CI/CD Secrets

npm Worm 'SANDWORM_MODE' Exposed Targeting Developer and CI Secrets Through Typosquatted Packages

Google Links More State Groups to React2Shell as Wallet-Draining Attacks Spread

React2Shell Attacks Intensify as React Issues Second Round of Emergency Patches

Microsoft Removes 19 Malicious VS Code Extensions After Supply-Chain Campaign Exposed

Shai-Hulud 2.0 Exposes 400,000 Developer Secrets Across NPM and GitHub

Shai-Hulud npm Worm Exposes 25,000+ GitHub Repos Through Trojanized Packages

Self-Publishing 'IndonesianFoods' Worm Floods npm With More Than 100,000 Spam Packages

Malicious NuGet Packages With Delayed Sabotage Removed After Socket Discovery

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

CERT Warns as Shai-Hulud npm Supply-Chain Attack Tops 500 Packages