News
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...
The popular Nx build system, boasting 4 million downloads each week, was exploited in the first supply chain breach to use AI ...
Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.
Ethereum smart contracts used to hide URL to secondary malware payloads in an attack chain triggered by a malicious GitHub ...
In contrast, colortoolsv2 and mimelib2 leveraged Ethereum smart contracts to store and deliver the URLs used for fetching the ...
The Register on MSN (11d)
Nx NPM packages poisoned in AI-assisted supply chain attack
Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being ...
ReversingLabs discovered two NPM packages, colortoolsv2 and mimelib2, using Ethereum smart contracts to download malware.
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants ...
While the GitHub repository was "clean" by the time of detection, the cached package served through the Go Module Proxy remained malicious.
GitHub aims to assist with its newly available Copilot Autofix tool. Now integrated into GitHub Advanced Security, this AI-powered feature is designed to help developers address code ...
Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.