Packages

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGemsthe standard package manager for the Ruby programming language, has temporarily…

5 days ago

Hugging Face Packages Weaponized With a Single File Tweak

Hugging Face, an open source store for AI models and components, is open to an attack via the "tokenizer" layer that…

5 days ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and…

6 days ago

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Ravie LakshmananMay 07, 2026Malware / Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository…

2 weeks ago

TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini…

2 weeks ago

Voluntary severance packages: a good way to get rid of the old and the weak?

On cost, Samfiru is blunt about why a buyout program is cheaper than a mass termination, particularly at companies like Rogers…

3 weeks ago

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack…

3 weeks ago

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating…

4 weeks ago