JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

SUNNYVALE, Calif. & NAPA, Calif., September 09, 2025--swampUP 2025 – JFrog Ltd. (Nasdaq: FROG), the Liquid Software company ...

The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting ...

On Tuesday, Anthropic launched a new file creation feature for its Claude AI assistant that enables users to generate Excel ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Bad actors are using GitHub's repository structure and paid Google Ads placements to trick EU IT users into downloading a unique malware dubbed "GPUGate" that includes new hardware-specific evasion ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages ...

SUNNYVALE, Calif. & NAPA, Calif., September 09, 2025--swampUP 2025 – JFrog Ltd. ("JFrog") (NASDAQ: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today ...

Threat actors are exploiting exposed Docker APIs to deploy malware and cryptocurrency miners and potentially create a new botnet.