The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals ...
CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.
The first preview of Visual Studio 2026, with deeper GitHub Copilot AI integration, is available through Microsoft’s new ...
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback