development

We’re breaking down why developers have moved into the crosshairs, the specific tactics attackers are using, and how to reduce the risks of company infrastructure being compromised.

In 2025, just as in the year prior, supply-chain attacks remained one of the most severe threats facing organizations. We’re breaking down last year’s most noteworthy incidents.

In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

Popular AI code assistants try to call non-existent libraries. But what happens if attackers actually create them?

We look at the most notable supply-chain attacks of 2024.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

We take an in-depth look at securing and configuring containerization systems.

What security aspects should be top-of-mind when implementing important changes in corporate IT infrastructure?

Low-code apps lower IT costs, but boost information security risks. How to mitigate them?

Сloud technologies differ in terms of both costs and risks. What cloud type should you choose, and how should you begin your migration?

Open-source applications require proper implementation and maintenance; otherwise a company could face many threats. We highlight the key risks.

Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?

Illegal businesses in the shadow economy need employees no less than their legal counterparts. Let’s take a look at how “dark HR” works.

An interesting bug in one of the most popular embedded DBMS.

Researchers from Cambridge describe the Trojan Source method for inserting hidden implants in source code.

Supply-chain attacks through public repositories have become more frequent of late. Here’s how to deal with them.

Why working in Kaspersky Lab has always been more than just business.