Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a ...

A dangerous new twist on unwanted packages delivered to doorsteps is putting consumers at risk of identity theft. Fraudsters are enhancing their "brushing scam" tactics, now including QR codes that ...

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.