A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.

Yearslong fight over users’ right to tweak smart TV software heads to trial

The Software Freedom Conservancy (SFC), a US nonprofit that promotes and provides legal support for free and open source ...
Bleeping Computer

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.

Grafana Labs admits all its codebase are belong to someone who popped its GitHub account

Observability outfit Grafana Labs has revealed that an attacker accessed its GitHub repository and stole its codebase. In ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
9to5Mac

Codex for Mac updated with new Appshots feature that instantly gives chat context

Appshots is now available for Codex for Mac, adding a new way to instantly provide context to your chat. “On your Mac, press Command-Command to attach your app window to a Codex thread,” OpenAI says. ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

1Password extends OpenAI collaboration with Codex MCP server for just-in-time credential access

Cybersecurity and password service provider 1Password LLC today expanded its collaboration with OpenAI Group PBC, releasing a ...