Chaedrol's Washington Horizon

open source

NPM hack shows stakes of open‑source supply chains

A large-scale breach of the NPM software registry on 8 September 2025 underscores how a single compromised account can ripple through government and private sector IT. NPM—the official repository for JavaScript packages at npmjs.com—is best understood as a public library of reusable code “building blocks” that developers
Jason Lee Bakke Sep 10, 2025
Bad actors threaten to weaponize open source software

A recent report by Strider Technologies, reported by Defense One, describes how state-sponsored hackers from China, Russia, and North Korea are contributing to widely used open-source software. By injecting vulnerabilities and backdoors into the open-source projects that are built into digital infrastructure, these actors can potentially exfiltrate sensitive data or
Jason Lee Bakke Aug 5, 2025
