NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

Invisible npm malware pulls a disappearing act – then nicks your tokens

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, ...
Agence France-Presse

Veracode Report Finds 63% of Financial Services Firms Carry Critical Security Debt, Heightening Supply Chain Risk

View the full release here: "Trust is everything in financial services, yet our data reveals a silent, growing risk for the ...
TMCnet

TASKING and LDRA Announce Advanced Data and Control Coupling Capabilities to Measure Hidden Timing Interference in Multi-core Applications

LDRA, a TASKING Company, and a leader in automated software verification, traceability and standards compliance, today announced that the LDRA tool suite now supports advanced analysis of timing ...
PCMag on MSN

Interview With Claude Code Creator: It Was an Accident That Changed Everything

Anthropic's Boris Cherny tells us about the agentic coding tool's humble beginnings and where it's headed next.

Data Theorem Ranked #1 for Cloud-Native Use Case in the 2025 Gartner® Critical Capabilities for Application Security Testing Report

Data Theorem, Inc., a leading provider of modern application security testing and protection solutions for cloud-native, web, ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Unite.AI

CoreStory Raises $32 Million Series A to Bring AI Code Intelligence to Legacy Software

CoreStory has raised $32 million in Series A funding, positioning itself to tackle one of enterprise technology’s toughest challenges: modernizing the enormous volumes of legacy code still powering ...
Infosecurity Magazine

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...
Electronic Specifier

Tasking & LDRA announce advanced data & control coupling

LDRA announced that the LDRA tool suite now supports advanced analysis of timing coupling interference on multi-core ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.