GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. The attacks led to the compromise of thousands of accounts and ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise. On Sept. 22, GitHub senior director of security research Xavier ...

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

The tool gathered over 29,000 downloads before the malicious npm package was identified ...

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...

The fatal flaw was a hardcoded fallback token left in the code. Because the malware carried the operator's own GitHub credential, researchers could trace the exfiltration directly, observing around ...