Cryptopolitan on MSN

Mini Shai-Hulud worm hijacks 323 npm packages under 30 minutes through a single stolen account

On May 19, the Mini Shai-Hulud worm compromised one npm maintainer account and pushed 639 malicious versions across 323 ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Clear your calendar, Drupal user: You have a critically urgent patch to install

If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Hundreds of malicious npm packages discovered in AntV ecosystem

The data visualization ecosystem AntV was targeted by a Mini Shai Hulud supply chain attack involving hundreds of malicious npm packages.
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
CSO Online

Contractor’s public GitHub account exposed GovCloud and CISA credentials

This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect ...