Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...
GitHub

GitHub's REST API OpenAPI Description

The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs, which allows both humans and computers to discover and understand the ...
CoinDesk

Crypto’s biggest exchanges back push for token disclosure standards as industry courts institutional capital

More than 40 crypto firms, including rival exchanges Coinbase and Kraken, are backing a Blockworks-led framework aimed at bringing stock market-style disclosures to token markets.

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.