Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

GitHub has confirmed that roughly 3,800 internal repositories were hacked after an employee installed an infected VS Code ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, ...

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

Trump sent a message by targeting Bill Cassidy. In defeat, Cassidy delivered one back This Midwestern state leads the nation in home foreclosures as US filings jump by 26% Map: See where gas prices ...

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...

summary On March 24, 2026, LiteLLM versions 1.82.7 and 1.82.8 on PyPI were backdoored by TeamPCP using stolen CI/CD credentials. The malware harvested SSH keys, cloud credentials, API keys, and crypto ...

A threat actor appears to have used AI-assisted automation to make hundreds of exploit attempts against open source software repositories on GitHub. Fewer than 10% of the more than 450 exploitation ...