Roblox's popularity in recent years has led to threat actors actively pushing bogus packages to target both developers and ...

Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.

The aim is to infect the systems of developers who rely on these registries for their code. To hide their malicious intent, ...

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it ...

Well-known open-source node package manager (NPM) registries are the target of massive attacks with malicious packages. These ...

Phylum noted that some unknown miscreant was using typosquat packages masquerading as Puppeteer, Bignum.js and various cryptocurrency libraries – 287 packages in total – to trick developers into ...

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.

Scotiabank analyst George Farmer lowered the firm’s price target on Syndax (SNDX) to $18 from $23 and keeps a Sector Perform rating on ...

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...

Vivani Medical, Inc. (Nasdaq: VANI) ("Vivani" or the "Company"), a biopharmaceutical company developing miniaturized, ...

For the past month, privately-held NPM has been showing off a product called Tape D to its own investors – Wall Street’s biggest banks. Now, the firm is unveiling its offering more broadly ...