Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...