8 articles and related resources
The recent GitHub breach underscores the critical vulnerability of developer devices in the software supply chain, highlighting the need for enhanced security m
The Mini Shai-Hulud attack in May 2026 compromised npm and PyPI packages, highlighting the need for robust software supply chain security measures.
A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.
Notepad++'s update infrastructure was compromised in a sophisticated supply chain attack, potentially exposing millions of users to malicious software.
On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.
The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.
CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.
State-sponsored hackers compromised Notepad++'s update mechanism, delivering malicious payloads to targeted users in East Asia's telecom and financial sectors.