Security researchers have uncovered malicious npm packages linked to North Korea that impersonate Rollup polyfill tools to deliver remote access malware and steal developer credentials and sensitive data.
Security researchers have disclosed seven vulnerabilities in the FatFs filesystem library used in embedded devices, exposing risks across IoT systems including cameras, drones, industrial controllers, and more.
A security flaw in Anthropic’s Claude Code GitHub Action allowed attackers to potentially hijack public repositories through a single malicious GitHub issue.
A new supply chain attack called Miasma has compromised Red Hat npm packages to steal credentials, target CI/CD environments, and deploy a self-propagating malware campaign affecting developers and cloud systems.
Threat actors compromised popular GitHub Actions workflows to exfiltrate CI/CD credentials through malicious code, raising concerns around software supply chain security and GitHub repository integrity.