Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.