Among other things, Megalodon was observed grabbing AWS secret keys and Google Cloud access tokens, instance role credentials ...

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

This week, more incidents that we can here list. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge ...

A research team at Mohamed bin Zayed University of Artificial Intelligence published a finding in April 2026 that has gained traction in engineering circles for reasons that go beyond its headline ...

A developer claims Google’s Gemini coding assistant deleted nearly 30,000 lines of working production code while making ...

GitHub says the breach of roughly 3,800 internal repositories was tied to the wider TanStack npm supply-chain attack.

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub confirmed a breach affecting about 3,800 internal repositories after an employee installed a malicious VS Code ...

The data visualization ecosystem AntV was targeted by a Mini Shai Hulud supply chain attack involving hundreds of malicious npm packages.