Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...
Tech Times

Google Accepted 6,000 Gemini CLI Contributions, Then Closed Tool for Enterprise Only

Google spent nearly a year accepting code contributions from hundreds of independent developers on an open-source AI terminal ...
Martin Cid Magazine

Megalodon turned GitHub Actions into a 5,561-repo backdoor in six hours

Researchers at SafeDep traced 5,718 malicious commits to 5,561 GitHub repositories, all pushed in a six-hour window on a ...
Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development ...
The Hacker News

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.
Infosecurity Magazine

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Tech Times

Karpathy’s Autoresearch Loop Is Spreading Fast: Shopify’s 53% Speed Claim Still Unmerged, Flagged as Overfit

In early March 2026, Andrej Karpathy — co-founder of OpenAI and former Director of AI at Tesla — released a three-file GitHub ...
Martin Cid Magazine

CISA, the agency that defends US federal networks, left its own AWS keys on GitHub

A contractor for the Cybersecurity and Infrastructure Security Agency spent six months committing AWS GovCloud admin tokens, ...
TheGamer on MSN

How to unlock all cosmetics in Repo

Get a new look for your Semibot in Repo ...
VentureBeat

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a ...