GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Hacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a ...
GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Fake OpenAI Privacy Filter repo hits #1 on Hugging Face with 244K downloads deploying Sefirah infostealer malware.
Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results