development

18 articles

Most notable supply-chain attacks of 2025

The most notable supply-chain attacks of 2025

In 2025, just as in the year prior, supply-chain attacks remained one of the most severe threats facing organizations. We’re breaking down last year’s most noteworthy incidents.

IndonesianFoods Spam Campaign: 89 000 junk packages in npm

Spam packages in npm: what are they and why are they dangerous?

In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.

How malicious extensions from Open VSX were used to steal cryptocurrency

How installing a fake extension from Open VSX led to cryptocurrency theft

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

The true cost of open-source support in companies

How to choose open-source solutions for your organization

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

What is slopsquatting, and how to protect your organization from it

How AI creates “slopsquatting” supply-chain risks

Popular AI code assistants try to call non-existent libraries. But what happens if attackers actually create them?

The biggest supply chain attacks in 2024

Supply-chain attacks in 2024

We look at the most notable supply-chain attacks of 2024.

Why you need to remove the Polyfill.io script from your website

Remove Polyfill.io from your website

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Full list of containerization defenses

Container security from A to Z

We take an in-depth look at securing and configuring containerization systems.

Key trends in IT and related cyber-risks

IT trends and cybersecurity in 2023

What security aspects should be top-of-mind when implementing important changes in corporate IT infrastructure?

Low-code / no-code apps security

Low-code and no-code app security

Low-code apps lower IT costs, but boost information security risks. How to mitigate them?

Public and private clouds compared for risks and costs

Brief cheat-sheet on cloud types and their risks

Сloud technologies differ in terms of both costs and risks. What cloud type should you choose, and how should you begin your migration?

Main risks of open-source applications

Open source: the top-10 risks for business

Open-source applications require proper implementation and maintenance; otherwise a company could face many threats. We highlight the key risks.

Choosing between proprietary and open-source business applications

The pros and cons of open source for businesses

Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?

Vacancies and recruiting on the dark web

Underground HR: recruiting on the dark web

Illegal businesses in the shadow economy need employees no less than their legal counterparts. Let’s take a look at how “dark HR” works.

A 22-year-old vulnerability has been found in SQLite that could theoretically be used for DoS and arbitrary code execution.

The consequences of a years-old SQLite vulnerability

An interesting bug in one of the most popular embedded DBMS.

Invisible implants in source code

Researchers from Cambridge describe the Trojan Source method for inserting hidden implants in source code.

How to secure DevOps

Supply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them.

When working is more than just business

Why working in Kaspersky Lab has always been more than just business.