A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Our free mini version of the classic crossword puzzle with a business twist. Perfect for the crossword enthusiast who only has a few minutes between meetings. New puzzles go live five days a week, ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave.