Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
https//beincrypto.com

Buy Now, Pay Maybe Explained: Why Tuyo’s Crypto Card Faces Gambling Comparisons

Buy Now, Pay Maybe (BNPM) sounds similar to Buy Now, Pay Later (BNPL), but the risks and rewards in both work very differently. BNPL usually splits a purchase into installment payments. In contrast, ...

Don't Want to Wait for iOS 27? Shortcuts Playground From MacStories Generates Shortcuts Using AI

Apple is rumored to be adding an AI feature for creating shortcuts with natural language to the Shortcuts app in iOS 27, but ...

AI is turbocharging “wizards” on 4Chan who take orders to nudify images of women

A new ISD analysis and WIRED reporting show how 4chan users are turning nonconsensual AI nudes into a repeatable system built ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

GitHub says a data breach impacted 3,800 internal repositories.

The company traced the incident to a “poisoned” VS Code extension on an employee’s device. While the hacking group TeamPCP has claimed responsibility for the breach, GitHub says it has since removed ...