Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. Yesterday, the ...

The full source code for Metal Gear Solid 2: Sons of Liberty has leaked online. The files, posted to 4chan, reportedly include the raw, uncompressed source code for "every version up to [the PS] Vita" ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...