GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of ...

GitHub, the world’s largest code hosting platform used by over 100 million developers, has confirmed a data breach, and the attackers are selling the stolen data online. The company first acknowledged ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

The software supply chain is the new ground zero for enterprise cyber risk. Don't get caught short - SiliconANGLE ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Google found the first known zero-day exploit it believes was built using AI. The exploit targets two-factor authentication (2FA) on an open-source admin tool. State sponsored hackers from China and ...