software security

News 4 min read May 19, 2026

Malicious npm Package Compromises Multiple Production Deployments

A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.

News 3 min read Apr 18, 2026

Notepad++ Update Infrastructure Compromised in Sophisticated Supply Chain Attack

Notepad++'s update infrastructure was compromised in a sophisticated supply chain attack, potentially exposing millions of users to malicious software.

News 3 min read Apr 10, 2026

North Korean Hackers Compromise Axios npm Package in Major Supply Chain Attack

On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.

News 3 min read Apr 1, 2026

Axios npm Package Compromised in Major Supply Chain Attack

The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.

News 2 min read Mar 17, 2026

CISA Warns of Widespread npm Supply Chain Attack Impacting Over 500 Packages

CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.

News 3 min read Mar 16, 2026

Notepad++ Update Mechanism Hijacked in Targeted Supply Chain Attack

State-sponsored hackers compromised Notepad++'s update mechanism, delivering malicious payloads to targeted users in East Asia's telecom and financial sectors.