India, May 21 -- GitHub has confirmed a major data breach affecting approximately 3,800 internal code repositories after a ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about ...

Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind.

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

OpenAI says no user data was accessed in the TanStack npm compromise: two corporate laptops, some credentials, and a forced macOS update.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, ...