developmentHow and why cybercriminals are targeting software developers
We’re breaking down why developers have moved into the crosshairs, the specific tactics attackers are using, and how to reduce the risks of company infrastructure being compromised.
npm
4 articles
supply chainSpam packages in npm: what are they and why are they dangerous?
In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.
supply-chain attackPopular npm packages compromised
Unknown attackers have compromised several popular npm packages in a supply-chain attack.
Four malicious packages in npm repository
New malicious campaign hunts for Discord tokens and credit card information via infected npm packages.