A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y ...
GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.
GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
Lino Tadros discusses how Microsoft's Azure AI Foundry enables developers to build and deploy intelligent, secure, and ...
GitHub MCP Registry makes Model Context Protocol servers with GitHub repos discoverable from Visual Studio Code.
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source tool that can detect as many as 800 secrets. If it finds GitHub tokens, the ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent compromise of Josh Junon (Qix), the maintainer of 18 NPM packages that have ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback