Computer WeeklyOpinion

Why SLA gaps should not hinder cloud innovation

The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud ...

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
SecurityWeek

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. Hackers used the secrets stolen in the recent Nx supply chain attack to ...
The Hacker News

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, ...
SecurityWeek

Salesloft GitHub Account Compromised Months Before Salesforce Attack

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance in preparation for the widespread Salesforce-Salesloft data theft campaign. The data ...
Bleeping Computer

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident ...
Infosecurity-magazine.com

Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware

A threat actor released malicious updates on the npm package repository for components of a tool popular among developers intending to steal cryptocurrencies and key developer data. According to a ...
FOX8 Cleveland

Uber received reports of sexual misconduct every 8 minutes for 5 years, records show

(KTLA) – Uber received reports of sexual assault or sexual misconduct in the United States nearly every eight minutes between 2017 and 2022, according to sealed court records reviewed by The New York ...
GeekWire

GitHub will join Microsoft’s CoreAI division with departure of CEO Thomas Dohmke

Microsoft will bring GitHub into its CoreAI division with the announcement this morning that GitHub CEO Thomas Dohmke will be stepping down as the leader of the widely used software development ...
ZDNet

How to use GPT-5 in VS Code with GitHub Copilot

GitHub Copilot Pro now supports GPT-5 in VS Code. A 30-day trial lets you test premium models for free. Add your OpenAI key to bypass Copilot restriction. First, open VS Code. Click the little Copilot ...