5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a ...

Socket will block it with free malicious package firewall

Socket Firewall Free builds upon the company's safe npm tool by extending scanning capabilities beyond the ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
Infosecurity-magazine.com

npm Package Uses QR Code Steganography to Steal Credentials

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
Yahoo Finance

AI/R’s Avenue Code Recognized by Google Cloud for Generative AI Excellence in LATAM

SAN FRANCISCO, Sept. 25, 2025 (GLOBE NEWSWIRE) -- AI/R Company subsidiary Avenue Code, a global software consultancy, proudly announces it has earned the Google Cloud Generative AI Specialization for ...
AZ Central

MGX Recognized as a Top No Code AI Builder for SaaS Websites in 2025

MetaGPT X (MGX), the world’s first platform to deploy a 24/7 multi-agent AI development team, has been officially honored, confirming its status as MGX as a top no-code AI builder for SaaS websites.