News

SecurityWeek4d

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Columbus Dispatch17d

AppJet.ai Launches: A GitHub-Native AI That Codes Full-Stack From Prompt to Deploy

GitHub-native flow: Understands your codebase, tracks changes, and works on a safe, isolated appjet branch. Truly full-stack: Handles front-end and back-end work with equal ease. Any major language: ...
WeLiveSecurity8d

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

Using CodeQL to detect client-side vulnerabilities in web applications

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code ...
Austin American-Statesman26d

New bill could shield police misconduct files as Uvalde lawsuit nears ruling

More than three years after a gunman shot and killed 19 students and two teachers at Robb Elementary School in Uvalde, the Texas Department of Public Safety continues to fight to keep records on the ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...