When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise
Commentary that downplays the compromise’s impact misses the point, the co-founder of Sonatype argues.
Advertisement
Showing 10 of 48 results
-
APT33 changed their code after a report in March. (Getty) Cybersecurity -
A picture taken on March 23, 2022 in Moscow shows the US instant messaging software Whatsapp logo on a smartphone screen.(Photo by -/AFP via Getty Images) Privacy Former WhatsApp security manager sues company for privacy violations, professional retaliation
Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform.
-
Getty Images Threats Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator
The DDoS botnet was among the most powerful on record, allegedly exceeding six terabits per second during its largest attack, authorities said. Victims are spread across 80 countries.
-
A corporate logo for Microsoft hangs above the door to its office building on 8th Avenue on June 24, 2025, in New York City. (Photo by Gary Hershorn/Getty Images) Technology Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings
Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.
-
(Getty Images) Technology AT&T deploys new account lock feature to counter SIM swapping
The feature is available for both consumer and business accounts.
-
Andriy Onufriyenko, via Getty Images Threats String of defects in popular Kubernetes component puts 40% of cloud environments at risk
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.
-
(Getty Images) Research Infostealers fueled cyberattacks and snagged 2.1B credentials last year
Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.
-
The headquarters of the US Securities and Exchange Commission (SEC) is seen in Washington, DC, January 28, 2021. (SAUL LOEB/AFP via Getty Images) Government SEC rebrands cryptocurrency unit to focus on emerging technologies
The agency is rebranding a tech-focused unit in a move that some critics worry may be part of a larger shift away from regulating the crypto space.
-
Palo Alto Networks headquarters in Silicon Valley; Palo Alto Networks, Inc. is an American multinational cyber security company. (Getty Images) Threats More bugs in Palo Alto Expedition see active exploitation, CISA warns
Hackers have been actively targeting the firewall management software through multiple vulnerabilities.
-
In this photo illustration, a visual representation of the digital cryptocurrency Bitcoin is displayed in front of Securities and Exchange Commission (SEC) logo on January 10, 2024 in Paris, France. (Photo illustration by Chesnot/Getty Images) Cybercrime Alabama man arrested for role in SEC Twitter account hijacking
Eric Council Jr. was charged with aggravated identity theft and access device fraud in connection with the January 2024 incident.