-
Hackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 million times weekly, to steal sensitive developer and cloud credentials. The malicious npm pack…
-
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist to issue an urgent warning to PHP developers worldwide. The issue stem…
-
Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.
-
A stealthy Python-based infostealer campaign abuses GitHub Releases to host payloads and maintain long-term, low-visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cybere…
-
A new cyberespionage campaign abuses GitHub Releases and a PE-less Python implant to quietly steal data from targeted Windows systems. The operation combines social engineering, trusted cloud infrastructure, and multi-stage obfuscation to maintain…
-
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
-
A newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals. Instead of broadly t…
-
A sophisticated software supply chain attack originating from the GitHub account BufferZoneCorp has been uncovered, targeting developers and continuous integration environments through malicious Ruby gems and Go modules. The campaign deployed sleeper p…
-
Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, reve…
-
Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’…


