The Hacker News21h
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...
Large enterprises scramble after supply-chain attack spills their secrets
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
Crypto News6d
Lazarus Targets Solana and Exodus Wallets, Infecting Hundreds of Software Developers
North Korea's Lazarus Group targeted Solana and Exodus wallets by infecting hundreds of software developers via malicious npm ...
The Hacker News3d
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Researchers uncovered 20 malicious PyPI packages stealing cloud credentials, downloaded 14,100+ times before removal.
GitHub supply chain attack spills secrets from 23,000 projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...
JavaScripts Temporal API: New era for date and time calculations
The Temporal API fixes JavaScripts date and time issues. It offers consistency, precision and time zone support. Soon to be ...
Gradle Inc. and Google Celebrate 10-Year Partnership on Androidâ„¢ Studio
The partnership is a testament to Gradle and Android’s shared commitment to equipping developers with tools to improve the developer experience. According to industry market research firm Evans Data, ...
Computing1d
GitHub supply-chain attack threatens 23,000 organisations
A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.
Cybernews6d
Lazarus Group targeting developers with infostealer and backdoor malware
The North Korean Lazarus Group, which recently stole $1.5 billion from the crypto exchange Bybit, is targeting developers via npm, a library and registry of JavaScript.