5 articles
Trend Micro documented QLNX, a Linux RAT that combines credential harvesting, LD_PRELOAD persistence, PAM backdoors, and rootkit behavior. The real risk is not one infected host - it is the supply chain access behind it.
npm packages no longer publish instantly. GitHub's staged publishing forces a 2FA-gated human approval before any version hits the registry — here's what it means and how to enable it.
GitHub says an employee device was compromised through a poisoned third-party VS Code extension and internal repositories were exfiltrated. Here is the fact-checked breakdown for defenders.
How attackers turn GitHub Actions' shared build cache into a supply chain weapon — real cases, attack mechanics, detection logic, and mitigations.
65% of Forbes AI 50 companies leaked secrets on GitHub with 94-day median remediation time. Blue team guide to detect, prevent, and respond to repository leaks.