ZDNet

GitHub launches Package Registry to easily generate packages from your code

Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code. Packages are ...
Dark Reading

10 Malicious Code Packages Slither into PyPI Registry

Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue. The incident is the latest ...
Threat Post

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.