A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Cybernews

GitHub confirms breach after hackers put stolen source code up for sale

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

GitHub Investigates Major Hack Claim as TeamPCP Offers 4,000 Private Code Repositories for Sale

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

GitHub confirms 'hacking' attack; says: We detected and contained a compromise of an employee device involving a poisoned

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved ...

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
i-SCOOP

Composer 2.5 in Cursor is built for long running coding work

Composer 2.5 brings stronger long running coding performance to Cursor, with targeted RL, Kimi K2.5 foundations, new pricing, ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...
techzine

TeamPCP compromises Python libraries via supply chain attack

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be

Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, ...
Martin Cid Magazine

An AI wrote a working zero-day exploit — Google caught it first

Google's Threat Intelligence Group says a criminal hacker group used a large language model to find a previously unknown flaw ...