GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

GitHub - SkyTruth/shared-datasets-1: Shared platform code and infrastructure for cross-program resources such as user accounts, global geometry layers, and other common services. · GitHub SkyTruth / ...

The landscape of puzzle-solving has shifted from manual brute-force methods to AI-assisted development, with Microsoft Copilot now capable of generating and editing code directly in your live ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...