A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly ...

Polygon’s reputation as a reliable DeFi settlement layer is under renewed scrutiny after on-chain investigator ZachXBT flagged an apparent exploit of the Polymarket UMA CTF Adapter contract, the ...

Blockchain investigator ZachXBT has highlighted a suspected security breach involving Polymarket, the world’s largest decentralized prediction market platform. Over $520,000 was reportedly drained ...

The $10.7 million THORChain exploit was caused by a GG20 vulnerability, which allowed a malicious node to reconstruct a full private key to one of its vaults. THORChain said a malicious node operator ...

Researchers are sounding the alarm on a class of exploit inherent in Internet infrastructure itself for which there is no simple fix and nearly half of all websites globally are at risk. Conceptually, ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

In an ongoing cyberattack, hackers have compromised several popular open source projects that software developers all over the world rely on. On Tuesday, cybersecurity firms StepSecurity and SafeDep ...

Add Decrypt as your preferred source to see more of our stories on Google. Attackers minted 1,000 eBTC on Echo Protocol’s Monad blockchain deployment before borrowing and moving funds across chains.