Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

External JavaScript for yt-dlp supporting many runtimes

The project provides lockfiles for every supported package manager. If you only have Python and a JS runtime, then you may instead run ./hatch_build.py. This will transparently invoke one of the ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...
GitHub

repository-settings.md

Set Git repository settings and policies [!INCLUDE version-lt-eq-azure-devops] [!INCLUDE ai-assistance-mcp-server-tip] There are several ways to customize your Azure Repos Git repositories by using ...
Bleeping Computer

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...
Phys.org

UK's national soil database released as open-access repository

Cranfield University has launched a new soil and environmental online database and mapping tool, opening up detailed information about land in England and Wales. In collaboration with Defra, Cranfield ...