Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and Python ...
A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...
The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...
The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to steal credit card data, and gaming and streaming accounts, before spreading stolen ...
JFrog, the Liquid Software company and creators of the JFrog Software Supply Chain Platform, is launching JFrog Curation, an automated DevSecOps solution that checks and validates open source or third ...
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...
Cisco (Nasdaq:CSCO) has bulked up its Domain Name System (DNS) security software with new features including AI-enhanced DNS tunneling mitigation and stronger cloud malware detection. Cisco Secure ...
The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.
A self-replicating malware is worming its way into open source software components. The malware's name is "Shai-hulud," presumably taking its name from the Dune sandworms, and it's particularly ...
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. Last week, a former ...