theregister

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial theft.