Explore

Trendline Trendline
VS Code Extension Breach Compromises 3,800 GitHub Repositories, Highlights Supply Chain Vulnerabilities

VS Code Extension Breach Compromises 3,800 GitHub Repositories, Highlights Supply Chain Vulnerabilities

VS Code Extension Breach Compromises 3,800 GitHub Repositories, Highlights Supply Chain Vulnerabilities
Trendline Trendline
GitHub Cyberattack: Thousands of Internal Repositories Stolen by Hackers

GitHub Cyberattack: Thousands of Internal Repositories Stolen by Hackers

GitHub Cyberattack: Thousands of Internal Repositories Stolen by Hackers
Trendline Trendline
Grafana Labs Reports Code Breach Linked to TanStack Supply Chain Attack

Grafana Labs Reports Code Breach Linked to TanStack Supply Chain Attack

Grafana Labs Reports Code Breach Linked to TanStack Supply Chain Attack
Trendline Trendline
GitHub Security Breach Involves Compromised Visual Studio Code Extension

GitHub Security Breach Involves Compromised Visual Studio Code Extension

GitHub Security Breach Involves Compromised Visual Studio Code Extension
Trendline Trendline
GitHub Breach via Compromised Nx Console Extension Exposes Internal Repositories

GitHub Breach via Compromised Nx Console Extension Exposes Internal Repositories

GitHub Breach via Compromised Nx Console Extension Exposes Internal Repositories
Trendline Trendline
GitHub Confirms Breach of 3,800 Repositories Due to Malicious VSCode Extension

GitHub Confirms Breach of 3,800 Repositories Due to Malicious VSCode Extension

GitHub Confirms Breach of 3,800 Repositories Due to Malicious VSCode Extension
Trendline Trendline
GitHub Reports Internal Repository Breach Due to Compromised VS Code Extension

GitHub Reports Internal Repository Breach Due to Compromised VS Code Extension

GitHub Reports Internal Repository Breach Due to Compromised VS Code Extension
Rapid Read Rapid Read
Over 320 NPM Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Over 320 NPM Packages Compromised in Mini Shai-Hulud Supply Chain Attack

A new supply chain attack, dubbed Mini Shai-Hulud, has compromised over 320 NPM packages, along with GitHub Actions and a VS Code extension. The attack involved the compromise of the NPM maintainer account 'atool', which has access to multiple packages in the @antv namespace. Malicious versions of these packages were published, affecting popular packages like echarts-for-react. The attack has impacted a wide range of applications and CI environments. Security researchers have tracked over 1,000 versions across various ecosystems, with NPM being the most affected. The attack involves a multi-stage infection chain, with payloads designed to steal credentials and achieve persistence.
Trendline Trendline
GitHub Confirms Data Breach Affecting Thousands of Internal Repositories

GitHub Confirms Data Breach Affecting Thousands of Internal Repositories

GitHub Confirms Data Breach Affecting Thousands of Internal Repositories
Trendline Trendline
GitHub Confirms Hack Impacting 3,800 Internal Repositories in Supply Chain Attack

GitHub Confirms Hack Impacting 3,800 Internal Repositories in Supply Chain Attack

GitHub Confirms Hack Impacting 3,800 Internal Repositories in Supply Chain Attack
Trendline Trendline
GitHub Confirms Breach of Internal Repositories via Malicious Extension

GitHub Confirms Breach of Internal Repositories via Malicious Extension

GitHub Confirms Breach of Internal Repositories via Malicious Extension
Trendline Trendline
Hackers Target Open Source Projects in Major Supply Chain Attack

Hackers Target Open Source Projects in Major Supply Chain Attack

Hackers Target Open Source Projects in Major Supply Chain Attack