TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...
Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
GlassWorm, a known malware strain, has placed 73 harmful extensions in the OpenVSX registry. Hackers use it to steal developers' crypto wallets and other data.
Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate on human and agent reviews. Visual Studio Code 1.115, the latest release of ...
Dany Lepage discusses the architectural ...
Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...