The Register on MSN
GitHub moves to tighten npm security amid phishing, malware plague
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...
14don MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack against GitHub, dubbed ‘GhostAction’. The attack was spotted by security ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent compromise of Josh Junon (Qix), the maintainer of 18 NPM packages that have ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
At its Satellite conference in Berlin today, GitHub — the code hosting platform Microsoft acquired for $7.5 billion in stock last year — unveiled improvements it says are intended to make software ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback