A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]
A ransomware group is claiming to have collected data allegedly belonging to Mecanizados y Montajes Aeronáuticos, a Spanish aerospace manufacturing company serving major Tier 1 and OEM programs.
A threat actor on an underground forum is claiming to leak databases allegedly belonging to Avea Vacances, a French organization offering holiday camps and educational stays for children and teenagers.
A threat actor on an underground forum is claiming to have leaked a database allegedly belonging to Optic 2000, a French optical retail and eyewear brand.
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.
Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist, adding malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.
"Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript
A threat actor on an underground forum is claiming to have compromised VIPER, an integrated management platform allegedly used by Chilean fire departments.