Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Overview: Programmers prefer Python in AI, data science, and machine learning projects, while JavaScript is useful in web and full-stack development. GitHub and ...
Here's how the JavaScript Registry evolves and makes building, sharing, and using JavaScript packages simpler and more secure ...
A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...
Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.
This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...
Oh, sure, I can “code.” That is, I can flail my way through a block of (relatively simple) pseudocode and follow the flow. I ...
Keith: John, tell us a little bit about Chainguard and what you’re going to be showing us on DEMO today. John: Definitely. Chainguard is about four years old. We are the safe source for open source.
The Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.
A team of national laboratory researchers recently released version 1.0 of the Marine Hydrokinetic Toolkit (MHKiT), a free, publicly available software tool used to process, analyze, ...
The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.