Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Learn how to migrate from Auth0 to Ory. Export users, import identities, swap SDKs, and migrate social logins.

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been its stated centerpiece for months — and within two days of launch, a securit ...

A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...