Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Upwind traces multiple compromised AsyncAPI npm packages to a coordinated supply chain attack targeting software release pipelines and publishing identities.
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS ...
This software implements a polyphonic, multi-channel audio player on the Raspberry Pi. Its purpose is to trigger asynchronous audio events with low latency from a variety of trigger sources, including ...
SilicaProxy is a security proxy for artifact repositories that intercepts every package download and blocks vulnerable, deprecated, or newly published packages before they reach your builds. It sits ...