News

CSO Online2d
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
SecurityWeek14d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Computing3mon
Lazarus Group hiding malware in GitHub and open-source packages
The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...
Computing2mon
GitHub supply-chain attack threatens 23,000 organisations
The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.