News

Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
The Register on MSN15h
Freelance dev shop Toptal caught serving malware after GitHub account break-in
Malicious code lurking in over 5,000 downloads, says Socket researcher Developer freelancing platform Toptal has been ...
GitHub users targeted with dangerous malware attacks - here's what we know
GitHub is being weaponized as malware infrastructure, report warns Emmenhtal and Amadey are part of a coordinated, ...
USA Today1mon
Coinbase victims speak out amid massive breach at crypto exchange
Coinbase victims speak out as breach, brazen hackers and a culture of silence collide ... F.K.’s attack happened in late December. Ed Suman’s came in March. D.R.’s was in early May.
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node ...
CSOonline1mon
GitHub Actions attack renders even security-aware orgs vulnerable
GitHub Actions attacks get real. GitHub Actions is a CI/CD (continuous integration and continuous delivery) service that enables developers to automate software builds and tests by setting up ...