GitHub Internal Repos Breached via Malicious VS Code Extension
1054
GitHub suffered an internal repository breach after an employee installed a malicious VS Code extension, with hackers now attempting to sell the stolen code.
Malware
Coverage of malicious software including trojans, ransomware, and other threats — how they work, how they spread, and how to defend against them.
Reading List
Critical Supply-Chain Attack Hits TanStack Router NPM Packages
1095
A self-propagating supply-chain attack has poisoned TanStack Router npm packages to steal credentials and infect further repositories.
Bitwarden CLI Compromised in CI/CD Supply Chain Attack
865
Bitwarden CLI version 2026.4.0 was compromised in a supply chain attack that uses a malicious CI/CD injection to harvest cloud and developer credentials.
The Essential Plugin Attack: 30+ WordPress Plugins Weaponized via Supply Chain
1182
A malicious actor weaponized a portfolio of 30+ acquired WordPress plugins to conduct a massive, blockchain-coordinated supply chain attack.
Axios npm Supply Chain Attack: Hijacked Account Drops Cross-Platform RAT
1925
A hijacked maintainer account was used to poison the axios npm package with a sophisticated, self-cleaning Remote Access Trojan targeting multiple operating systems.