GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages.
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing ...
A Claude Code skill that installs a one-click DOM picker into any React project. The picker captures [DEBUG PICK] markdown blocks (CSS path, React component, props, state, attributes) ready to paste ...
OpenAI has confirmed that its employees' devices were compromised in a recent cyberattack. Hackers targeted the widely used open-source project TanStack, injecting malicious code into it. This attack ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave. The TanStack team announced that a supply chain attack on TanStack ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results