The leaked token, accidentally embedded by the company’s employee in a public repository, might have provided an attacker ...

The new variant of Docker-targeting malware skips cryptomining in favor of persistence, backdoors, and even blocking rivals ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...

At the same time, security researchers Wiz released a separate announcement, saying the malicious versions were carrying infostealing malware, grabbing secrets such as GitHub and NPM tokens, SSH keys, ...

On August 26, 2025, Nx, the popular build platform with millions of weekly downloads, was compromised with credential-harvesting malware. Using GitGuardian's monitoring data, we analyzed the ...

Pull requests help you collaborate on code with other people. As pull requests are created, they’ll appear here in a searchable and filterable list. To get started, you should create a pull request.

You can create a release to package software, along with release notes and links to binary files, for other people to use. Learn more about releases in our docs.

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from ...