The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
techtimes

Git Version Control Mastery: Branching, Merging & GitHub Workflow Tips for Teams

Git Version Control is the backbone of modern software development, helping teams manage code efficiently and avoid conflicts. Understanding version control basics allows developers to track changes, ...
InfoQ

GitHub Integrates AI to Improve Accessibility Issue Management and Automate Feedback Triage

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Blue Headlineq

GitHub’s Supply Chain Warning Is Really About Secret Theft, Not Just Bad Packages

GitHub says modern supply-chain attacks increasingly start with secret exfiltration from GitHub Actions, not just poisoned packages further downstream.

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...

OpenAI debuts GPT-Rosalind, a new limited access model for life sciences, and broader Codex plugin on Github

At its core, GPT-Rosalind is the first in a new series of models optimized for scientific workflows. While previous ...
Bleeping Computer

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to ...