GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

Composer 2.5 brings stronger long running coding performance to Cursor, with targeted RL, Kimi K2.5 foundations, new pricing, ...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved ...

AI agents can open a lot of doors but also break a lot of windows. Here’s how to figure out where to draw the line between ...

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...