supply chain security

(13 articles)

May 23, 2026

npm 2FA Publishing Controls Block Supply Chain Attacks

npm now gates package publishing behind 2FA and adds install controls. Here's what developers need to configure to protect their supply chain.

May 20, 2026

GitHub Breached: 3,800+ Internal Repos Exfiltrated

A GitHub employee device hack led to the exfiltration of 3,800+ internal repos. Here's what happened, what was exposed, and how to protect your org.

May 17, 2026

Grafana GitHub Token Breach: Extortion Attempt

A leaked GitHub token gave attackers full access to Grafana's codebase. Learn what happened, how the breach worked, and how to protect your repos.

May 12, 2026

RubyGems Suspends Signups After Malicious Packages

RubyGems suspended new account signups after hundreds of malicious packages flooded the registry. Here's what Ruby developers need to know right now.

May 8, 2026

Zara Data Breach Exposes 197,000 Customer Records

ShinyHunters stole 140GB from Zara via compromised Anodot tokens, exposing emails, purchases, and support tickets for 197,400 people. Here's what happened.

May 1, 2026

Poisoned Ruby Gems and Go Modules Hit CI Pipelines

Attackers are poisoning Ruby Gems and Go Modules to steal credentials from CI pipelines. Here's how the attack works and how to defend your build system.

April 29, 2026

DPRK npm Malware: AI-Powered RAT Attacks Hit Devs

North Korean hackers are planting AI-generated malware in npm packages via fake firms and RATs. Here's what developers need to know to stay safe.

April 27, 2026

Checkmarx GitHub Data Leaked on Dark Web After Breach

Checkmarx confirmed GitHub repository data was posted on the dark web after a March 23 attack. Here's what developers need to know about source code exposure.

April 23, 2026

Vercel Finds More Compromised Accounts in Context.ai Breach

Vercel identified additional compromised accounts linked to the Context.ai breach. Here's what developers need to know about the attack scope and how to respond.

April 22, 2026

Checkmarx Supply Chain Hit by Malicious Docker Images

Malicious KICS Docker images and VS Code extensions targeted the Checkmarx supply chain. Here's what developers need to know to stay protected.

April 20, 2026

Vercel Breach: Context AI Hack Exposes Credentials

A Vercel breach tied to the Context AI hack exposed limited customer credentials. Here's what developers need to know and how to protect their accounts now.

April 14, 2026

PHP Composer Flaws Enable Arbitrary Command Execution

Critical PHP Composer vulnerabilities allow arbitrary command execution. Patches are out. Here's what developers need to do right now to stay protected.

April 8, 2026

N. Korean Hackers Drop 1,700 Malicious Packages

North Korean hackers spread 1,700 malicious packages across npm, PyPI, Go, and Rust registries. Here's what developers need to check right now.