From March to June 2025, a cyber attacker was able to snoop around in Salesloft's GitHub account. This resulted in the theft ...

The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Most Android devices default to the Google Play Store for downloading and installing apps, but it's far from the only place ...

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...

GPUGate malware uses Google Ads and fake GitHub commits to steal data from IT firms since Dec 2024, bypassing sandboxes and GPU-lacking systems.

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Traditional methods often involved using trusted services like GitHub or Google Drive to host harmful links, but now, by embedding commands within Ethereum smart contracts, attackers are able to ...

Millions of users of GitHub, the premier online platform for sharing open-source software, rely on stars to establish their ...