The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...
SecurityWeek

eScan Antivirus Delivers Malware in Supply Chain Attack

The eScan supply chain attack resulted in malware infections after hackers compromised an update server and pushed a malicious file.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...