Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft.

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other ...

Some Windows users are reporting they can’t access other Windows computer on their network because they can’t enter the credentials to connect to another computer ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software registries on the internet within a span of roughly 48 hours. The targets were ...

Floci is a free, open-source local AWS emulator for development, testing, and CI. It gives you AWS-shaped services on your machine without requiring a cloud account, an auth token, or paid feature ...

"""Authenticates a user via the on-behalf-of flow. This credential can only be used on `Azure Machine Learning Compute <https://learn.microsoft.com/azure/machine ...