Cybernews

CISA, GitHub take action after massive NPM supply chain compromise

CISA and GitHub have responded to a widespread supply chain attack involving the Shai-Hulud worm compromising over 500 NPM packages.

GitHub is finally tightening up security around npm following multiple attacks

Furthermore, GitHub announced it would deprecate legacy classic tokens, as well as time-based one-time password (TOTP) 2FA, ...
SecurityWeek

GitHub Boosting Security in Response to NPM Supply Chain Attacks

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...
GitHub

MatrixSeven/file-transfer-go

MatrixSeven / file-transfer-go Public Notifications You must be signed in to change notification settings Fork 396 Star 3.1k ...
XDA Developers on MSN

I built my own video platform like YouTube by self-hosting this tool

Tired of YouTube’s rules and ads? I built my own video platform with MediaCMS: an open-source, self-hosted, and surprisingly ...
The Hacker News

DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams

DPRK used ClickFix to deliver compiled BeaverTail to crypto marketers; Windows build used password-protected archives, ...
GitHub

Train multi-step agents for real-world tasks using GRPO.

RULER (Relative Universal LLM-Elicited Rewards) eliminates the need for hand-crafted reward functions by using an LLM-as-judge to automatically score agent trajectories. Simply define your task in the ...
Hackaday

This Week In Security: The Shai-Hulud Worm, ShadowLeak, And Inside The Great Firewall

Hardly a week goes by that there isn’t a story to cover about malware getting published to a repository. Last week it was ...