Tag: malware

A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.

AI coding agents make development faster but can inadvertently introduce security risks by suggesting unvetted packages. Learn how to use vet MCP server for adding security to your vibe coding...

Hidden transitive dependencies create security blind spots. This blog shows developers and CISOs how SafeDep vet uncovers full Maven dependency graphs, generating CycloneDX SBOMs and compliance-ready...

Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy...

A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the...

Introducing Container Image Scanning, a new feature in vet to identify vulnerabilities and malicious packages in container images.