GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...

From SpaceX’s record IPO plans to AI product launches, cyberthreats, layoffs, and legal fights, this week showed AI’s growing grip on tech.

Some Windows users are reporting they can’t access other Windows computer on their network because they can’t enter the credentials to connect to another computer ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...