Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.
SecurityWeek

Gitea Vulnerability Exposed 30,000 Deployments to Attacks

The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure. A vulnerability in open source, self-hosted Git service Gitea could have ...