Shai-Hulud Campaign Expands With 23 Malicious PyPI Packages
A new wave of the Shai-Hulud PyPI attack is accelerating concerns around open-source supply chain security. …
open source security
OWASP CVE Lite CLI Brings Developer-First Vulnerability Scanning to the Terminal
A new open-source tool is reshaping how developers approach application security. The OWASP CVE Lite CLI …
Malicious PyPI Package Exploits Typosquatting to Deploy Backdoor
A malicious PyPI package designed to mimic a widely used Python library has exposed thousands of …
Massive npm Supply Chain Attack Targets Red Hat Packages
A large-scale npm supply chain attack has compromised dozens of official packages under the @redhat-cloud-services scope, …
npm Resets Tokens After “Mini Shai-Hulud” Supply Chain Attack
A large-scale software supply chain attack has forced npm to take unprecedented action, resetting thousands of …
“CypherLoc” Scareware Attack Targets Millions With Fake Alerts
A widely used AI development platform has been found vulnerable to a one-click account takeover, exposing …
Critical Dify AI Flaws Enable One-Click Account Takeover
A widely used AI development platform has been found vulnerable to a one-click account takeover, exposing …
Malicious NuGet Packages Compromise 64K+ Developer Systems
A stealthy supply chain attack is quietly spreading through the .NET ecosystem, targeting developers and build …
Urgent: Critical Notepad++ Flaw Exposes Private Memory
In the toolkit of any developer or system administrator, Notepad++ is a ubiquitous fixture. Known for …
KICS Docker Supply Chain Attack: DevOps Secrets at Risk
A new KICS Docker supply chain attack has sent shockwaves through the DevSecOps community—proving once again …