The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Update: Added Wikimedia Foundation's statement below and made a correction to denote it was only the Meta-Wiki that was vandalized. The Wikimedia Foundation suffered a security incident today after a ...

Once envisioned as a bridge between Java and JavaScript, the Detroit project never got off the ground. Now, there are efforts at reviving it, adding a Python engine to the mix. Intended to enable ...

Searching for useful software on GitHub can quickly become exhausting. And trust me—I know what I’m talking about. When you spend your days digging through repositories, checking releases, compiling ...

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT ...

TypeScript, Microsoft’s strongly typed JavaScript variant, has become the most-used language on GitHub, according to GitHub’s Octoverse 2025 report released on October 28. August 2025 marked the first ...