Home > Topics > software security

software security

8 articles and related resources

// Articles
News 4 min read Jul 4, 2026

GitHub Breach Highlights Developer Devices as Supply Chain Vulnerability

The recent GitHub breach underscores the critical vulnerability of developer devices in the software supply chain, highlighting the need for enhanced security m

News 3 min read Jun 23, 2026

Mini Shai-Hulud Supply Chain Attack Targets npm and PyPI Ecosystems

The Mini Shai-Hulud attack in May 2026 compromised npm and PyPI packages, highlighting the need for robust software supply chain security measures.

News 4 min read May 19, 2026

Malicious npm Package Compromises Multiple Production Deployments

A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.

News 3 min read Apr 18, 2026

Notepad++ Update Infrastructure Compromised in Sophisticated Supply Chain Attack

Notepad++'s update infrastructure was compromised in a sophisticated supply chain attack, potentially exposing millions of users to malicious software.

News 3 min read Apr 10, 2026

North Korean Hackers Compromise Axios npm Package in Major Supply Chain Attack

On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.

News 3 min read Apr 1, 2026

Axios npm Package Compromised in Major Supply Chain Attack

The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.

News 2 min read Mar 17, 2026

CISA Warns of Widespread npm Supply Chain Attack Impacting Over 500 Packages

CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.

News 3 min read Mar 16, 2026

Notepad++ Update Mechanism Hijacked in Targeted Supply Chain Attack

State-sponsored hackers compromised Notepad++'s update mechanism, delivering malicious payloads to targeted users in East Asia's telecom and financial sectors.