News

SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Ervik.as

Wormable Malware Causing Supply Chain Compromise of npm Code Packages

Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...

Google Ventures doubles down on dev tool startup Blacksmith just 4 months after its seed round

Blacksmith, a Y Combinator alum, raised $10M Series A led by Google Ventures to cut costs and speed up software builds.

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...
Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Visual Studio Magazine

GitHub Tops AI Coding Assistants Report, with Microsoft-Related 'Cautions'

Gartner's new Magic Quadrant for AI Code Assistants report shows GitHub Copilot leading the market while forecasting near-universal enterprise adoption of AI coding assistants by 2028.
Security Boulevard

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source ...