One of the largest open-source package repositories just spent a weekend cleaning up after a malware campaign that did not break into anything. It did not need to. Attackers seized control of more than 1,500 packages in the Arch User Repository, or AUR, the community-run software collection that sits alongside Arch Linux’s official repositories, and […] This story continues at The Next Web [...]
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer workst [...]
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and au [...]
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]
A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s [...]
On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised [...]
Attackers jailbroke Anthropic’s Claude and ran it against multiple Mexican government agencies for approximately a month. They stole 150 GB of data from Mexico’s federal tax authority, the nationa [...]
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same g [...]
Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a [...]