A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Microsoft

Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow

The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Tech Times

Grafana Labs’ GitHub Token Stolen via CI/CD Flaw: Codebase Gone, Ransom Refused

Grafana Labs, whose observability dashboards run inside the infrastructure of more than 7,000 organizations worldwide — ...
GovInfoSecurity

Breach Roundup: Shai-Hulud Copycat Hits npm

This week, more incidents that we can here list. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge ...
Hackaday

This Week In Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, And More

Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind.

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.

Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...
The Next Web

Grafana Labs refuses ransom after hackers steal already-open-source code

Grafana Labs has disclosed that hackers stole its source code via a compromised GitHub token and demanded a ransom.
Decrypt

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...