Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
IEEE

An empirical comparison of dependency issues in OSS packaging ecosystems

Abstract: Nearly every popular programming language comes with one or more open source software packaging ecosystem(s), containing a large collection of interdependent software packages developed in ...
GitHub

Breaking change on GemfileNotFound behavior on 4.0.1 #9182

Description In Bundler 4.0.1, a breaking change was introduced in how GemfileNotFound errors are handled. Previously, when a Gemfile was not found, Bundler would exit with status code 10. However, in ...
The Hacker News

Blockchain | Breaking Cybersecurity News | The Hacker News

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The ...
GitHub

GitHub Advisory Database

GHSA-g9jg-w8vm-g96v was published for action_text-trix (RubyGems) 3 days ago serverless MCP Server vulnerable to Command Injection in list-projects tool High CVE-2025-69256 was published for ...