The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
Memeburn

Microsoft Open-Source Tools Hacked to Steal AI Developers’ Passwords

Microsoft GitHub hack hit open-source AI tools, exposing developer passwords and cloud credentials. Here’s why SA tech teams ...

Google Reportedly Wants Android App Code From Play Store Developers

Google is reportedly offering to pay select Android developers for source-code access. Here’s what Play Store developers ...

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Mashable SEA

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until ...

It's Not Time To Panic About Claude Mythos; It's Time To Prepare Your Platforms

The risks presented by Mythos-class models are genuine, but organizations that prepare effectively will retain a strong ...

1Password debuts Credential Broker to release secrets only when needed

Password LLC today announced the launch of 1Password Credential Broker, a new product that hands out credentials, tokens and ...
Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor ...