Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
CSO Online

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
SD Times

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
adtmag.com

5 Top JavaScript Snippet Packages for Visual Studio Code

Visual Studio Code is a great, free, cross-platform, open source code editor with an extensive library of prebuilt extensions for all kinds of useful, add-on functionality. Sometimes, however, you don ...