On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated ...
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...
The company is bringing its AI coding agent directly to the terminal with native GitHub integration, agentic capabilities, ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...
Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback