Calls to shun Microsoft and GitHub go back a long way in the open source community, but moved beyond simmering ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.

A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious ...

Hackers are exploiting Ethereum smart contracts to inject malware into popular NPM coding libraries, using packages to run ...

ReversingLabs reveals hackers using Ethereum Smart contracts in NPM packages to conceal malware URLs, bypass scans, and ...

ReversingLabs' research identified the npm packages clortoolv2 and mimelib2, which used Ethereum smart contracts to hide ...

ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source ...

ScarCruft’s Operation HanKook Phantom uses RokRAT malware in spear-phishing campaigns, targeting South Korean academics for ...