The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

THORChain exploit tied to malicious node and GG20 flaw

The $10 million THORChain exploit was caused by a vulnerability in its GG20 signing framework, which allowed the hacker to ...
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...

Mini Shai-Halud hackers publish over 600 compromised npm packages

The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects.