GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Communications of the ACM

Faults and Pitfalls in Implementing the Right to be Forgotten

This practice had to change when the European Union introduced Right to be Forgotten (RTBF)—first in 2014, as a standalone ...
CNET

Hands-on with Vehicle-to-Load in the Kia EV6, Hyundai Ioniq 5

One of the most interesting features found in Hyundai and Kia's new generation of electric vehicles is Vehicle-To-Load or V2L. This technology transforms the standard power input used to charge the ...
GitHub

OPI - ORCA Python Interface

The ORCA Python Interface (OPI) is a Python library to create input and parse output of ORCA. It is designed as an open source community effort to make ORCA calculations as accessible as possible and ...
GitHub

Pyrefly: A fast type checker and language server for Python with powerful IDE features

Pyrefly is a type checker and language server for Python, which provides lightning-fast type checking along with IDE features such as code navigation, semantic highlighting, and code completion. It is ...
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...