In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y ...
GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
GitHub MCP Registry makes Model Context Protocol servers with GitHub repos discoverable from Visual Studio Code.
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source tool that can detect as many as 800 secrets. If it finds GitHub tokens, the ...
Shai-Hulud is the third major supply chain attack targeting the npm ecosystem after the s1ngularity attack and the recent ...
An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what ...