News

SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Let us git rid of it, angry GitHub users say of forced Copilot features

Calls to shun Microsoft and GitHub go back a long way in the open source community, but moved beyond simmering ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
Visual Studio Magazine

GitHub Tops AI Coding Assistants Report, with Microsoft-Related 'Cautions'

Gartner's new Magic Quadrant for AI Code Assistants report shows GitHub Copilot leading the market while forecasting ...

Microsoft introduces Rust repository for Windows driver development

Programming Windows drivers in Rust – Microsoft takes stock and presents a special repository with Rust tools.
Security Boulevard

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source ...
Computer Weekly

Google Cloud unveils open protocol for agentic payments

Google’s Agent Payments Protocol is an open standard developed with over 60 global partners to create a secure standard for ...