In The News
November 1, 2023

CSO Online: Malicious package campaign on NuGet abuses MSBuild integrations

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.

October 31, 2023

Bleeping Computer: Malicious NuGet packages abuse MSBuild to install malware

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.

October 5, 2023

Security Week: Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

A recently observed malicious campaign has relied on typosquatting to trick users into downloading a malicious NPM package that would infect their systems with a rootkit, supply chain security firm ReversingLabs warns.

October 4, 2023

The Hacker News: Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.

October 2, 2023

SC Media: Why software teams have to change their focus from vulnerabilities to malware

Nearly 90% of companies report they have detected a security issue in their software supply chain in the last 12 months.

September 1, 2023

SC Media: VMConnect campaign linked to North Korea’s Lazarus Group

Three newly discovered malicious Python packages posted to the Python Package Index (PyPI) are now believed to be part of the VMConnect campaign and have also been tied to the North Korean Lazarus Group.