The Next Web

GitHub for the factory floor: Copia raises $26M to protect the code that runs industry

Copia raised $26mn, taking its total to $55mn, to bring version control and backups to the PLC code running factories and critical infrastructure.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four real SAP npm packages were hacked. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers. These packages had more than 500,000 downloads a week. Four ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. Four SAP NPM packages have been injected with malicious code as part of a new ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
Analytics India Magazine

Claude Code Leak Was a ‘Manual Error’, and ‘No one Was Fired’

The Claude Code leak was caused by a manual error during a routine software update. Over 500,000 lines of source code were exposed, revealing internal architecture ...
InfoWorld

Visual Studio Code adds support for agent skills

An experimental feature in VS Code 1.108, Agent Skills are folders of instructions, scripts, and resources that GitHub Copilot can load for specialized tasks. Visual Studio Code 1.108, the latest ...
Bleeping Computer

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident ...
GitHub

Codacy Coverage Reporter

Follow the instructions on how to add coverage to your repository. If necessary, see alternative ways of running Codacy Coverage Reporter for other ways of running Codacy Coverage Reporter, such as by ...