News

Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

How to use GitHub Spec Kit : Easily Build Scalable, Maintainable Software

Discover GitHub Spec Kit, the open-source toolkit for spec-driven development, bringing clarity and collaboration to software ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

Dynatrace Joins GitHub Model Context Protocol (MCP) Registry to Accelerate AI-Powered Developer Innovation

Dynatrace (NYSE: DT), the leading AI-powered observability platform, today announced its participation in the launch of the ...
Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
SecurityWeek

Salesloft GitHub Account Compromised Months Before Salesforce Attack

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.
Infosecurity Magazine

Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign

Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...
CSO Online

Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting

The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting ...