dependency security

News 4 min read May 19, 2026

Malicious npm Package Compromises Multiple Production Deployments

A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.

News 2 min read Apr 17, 2026

CocoaPods Vulnerability Exposes iOS Apps to Supply Chain Attacks

Recent research reveals critical vulnerabilities in CocoaPods, exposing numerous iOS apps to potential supply chain attacks through dependency hijacking.

News 2 min read Mar 18, 2026

Shai-Hulud Worm Targets npm Registry, Compromises 1,000+ Packages

The Shai-Hulud worm compromised over 1,000 npm packages, exposing 25,000 GitHub repositories, highlighting critical supply chain security vulnerabilities.