News

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.
On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the ...
The leaked token, accidentally embedded by the company’s employee in a public repository, might have provided an attacker ...
At the same time, security researchers Wiz released a separate announcement, saying the malicious versions were carrying infostealing malware, grabbing secrets such as GitHub and NPM tokens, SSH keys, ...
According to researchers at Wiz, those poisoned packages were laden with malware designed to siphon secrets from developers, such as GitHub and NPM tokens, SSH keys, and cryptocurrency wallet details.
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were ...
The new variant of Docker-targeting malware skips cryptomining in favor of persistence, backdoors, and even blocking rivals ...
Core concept: OSTree stores full system snapshots in a content-addressed manner, like Git for binary trees. Updates are ...
Here’s this week’s cybersecurity recap in plain terms, built for leaders and practitioners who need the signal, not the noise ...