According to its incident report, the attacker embedded malicious code in a Trivy artifact distributed through the project’s software supply chain. When the European Commission’s CI/CD pipelines ...
GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...
The code that makes up the software now powering U.S. utilities is rife with vulnerabilities, including hundreds that are "highly exploitable," a new research report released by Fortress Information ...
GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...
Legitimate websites have reportedly been compromised after a once useful polyfill[.]com-hosted JavaScript code has been altered by its new owners, leading websites to unintentionally link users to ...
On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught carrying credential-stealing malware. Versions 2.6.2 and 2.6.3 of the lightning ...
An unidentified threat actor breached one of application security vendor Xygeni's GitHub Actions this month via tag poisoning. Xygeni, which sells a number of AI-powered AppSec products, said in a ...
A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
Polymarket confirms a private key compromise drained over $520K from an internal wallet. Smart contracts and user funds ...