Software supply chain company JFrog Ltd. today launched JFrog Curation, an automated DevSecOps solution that checks and blocks infected open-source or third-party software packages and their ...
The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...
Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and Python ...
A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...
JFrog, the Liquid Software company and creators of the JFrog Software Supply Chain Platform, is launching JFrog Curation, an automated DevSecOps solution that checks and validates open source or third ...
The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to steal credit card data, and gaming and streaming accounts, before spreading stolen ...
Open source malware surged 73% in 2025, with npm a key target, amid rising risks in software supply chains and developer environments.
Two malicious npm packages disguised as legitimate developer utilities on the npm registry contain backdoors that could wipe out entire production systems, posing a threat to the software supply chain ...
JFrog Curation blocks the use of risky open source software packages without compromising development speed or the developer experience, JFrog said. It uses binary metadata for identifying malicious ...
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. Last week, a former ...