Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...

The $10 million THORChain exploit was caused by a vulnerability in its GG20 signing framework, which allowed the hacker to ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...