Open-source code and legitimate hacking tools have contributed to the rising popularity of a once-rare and complicated type of cyberattack, according to new research shared exclusively with Axios.

Uncover the hidden threats in our election systems’ software supply chains. Protecting democracy demands vigilant cybersecurity efforts.

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.

A recently observed malicious campaign has relied on typosquatting to trick users into downloading a malicious NPM package that would infect their systems with a rootkit, supply chain security firm ReversingLabs warns.

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.