Ongoing supply-chain attack 'explicitly targeting' security, dev tools

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Security Boulevard

Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
NerdWallet

Best Day Trading Platforms for 2026

Sam Taube writes about investing for NerdWallet. He has covered investing and financial news since earning his economics degree from the University of Maryland in 2016. Sam has previously written for ...

Vercel security breach explained: How a third-party AI tool exposed internal systems and ...

Vercel confirmed a security incident involving unauthorized access to internal systems, stemming from a compromised ...