IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

The Open Group Launches the Open Footprint® Standard, Edition 1.0 to Streamline Scope 1, 2, and 3 Emissions ManagementBusiness Wire via ITWeb,SAN FRANCISCO, 02 Jun 2026The Open Group, the ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software registries on the internet within a span of roughly 48 hours. The targets were ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...

Support our Mission. We independently test each product we recommend. When you buy through our links, we may earn a commission. Any smart business knows what business it’s in. Shot Scope, along with ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

When Canada’s prudential regulator, OFSI, released Guideline B 15 on climate risk, much of the industry conversation centred on governance, disclosure templates and model risk. But behind the ...

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...