GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks
GitHub has rolled out staged publishing for npm to combat npm supply chain attacks targeting the JavaScript ecosystem.
Secure.com News
Stay updated with the latest cybersecurity news, threat intelligence, and industry updates from secure.com.
Browse by Category
Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours
The Megalodon malware attack compromised over 5,500 GitHub repositories within six hours, marking the largest automated supply chain breach in platform history.
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised in 22 Minutes
A single compromised npm maintainer account pushed 637 malicious package versions in 22 minutes, forcing npm to invalidate write-access tokens platform-wide. The Mini Shai-Hulud worm keeps...
New NGINX Zero-Day RCE Vulnerability Threatens Millions of Web Servers
Security researchers discovered a critical nginx zero day vulnerability that grants attackers remote code execution access to millions of servers.
GitHub Loses 3,800 Internal Repos to a Single Poisoned VS Code Extension
A poisoned plugin slipped past one of the most security-conscious companies on the internet, and the GitHub VS Code extension breach now puts every developer endpoint...
Hackers Abuse Microsoft Entra ID Accounts to Steal Corporate Cloud Data
The Storm-2949 threat group executed a complex Microsoft Entra ID attack to steal sensitive data from corporate cloud environments.
Mini Shai-Hulud Strikes Again: 314 @antv npm Packages Hijacked in 22-Minute Burst
A fresh npm supply chain attack tied to the Mini Shai-Hulud worm has poisoned hundreds of @antv packages, putting developer credentials at risk.
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922
Microsoft has officially confirmed that its May 2026 Patch Tuesday update for Windows 11 is failing with error code 0x800f0922.
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
Security researchers discovered four malicious npm packages designed to steal SSH keys, cloud credentials, and cryptocurrency wallets from developers.
Grafana Tells Extortionists to Get Lost After GitHub Token Breach Exposes Codebase
The Grafana GitHub token breach saw attackers steal a privileged token, exfiltrate the codebase, and try to extort the company. Grafana said no.
OpenAI Confirms Breach After TanStack npm Supply Chain Attack Hit Two Employee Devices
The TanStack npm supply chain attack reached OpenAI's internal repositories. Here is the full picture of what actually happened.
NGINX Was Hiding a Critical Bug for 18 Years. An AI Just Found It.
A newly disclosed NGINX vulnerability lay dormant in the codebase for 18 years before an AI system pulled it into daylight.