"We immediately initiated an investigation and removed the packages from the npm registry. "While our investigation is ...

GitHub disabled 73 Microsoft repos after the Miasma worm exploited previously compromised credentials to plant malware targeting AI coding agents.

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...

A threat actor has compromised official Red Hat accounts on Node Package Manager (NPM), using them to push self-propagating ...

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Dozens of Microsoft-owned software repositories have been taken offline following a major cyberattack linked to the rapidly ...

The malicious npm packages are looking to steal credentials and propagate further.

As announced on June 5 at Summer Games Fest, new video game adaptation Among Us has suddenly dropped on Paramount Plus.