The Hacker News

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

Google Reportedly Wants Android App Code From Play Store Developers

Google is reportedly offering to pay select Android developers for source-code access. Here’s what Play Store developers ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
GitHub

External JavaScript for yt-dlp supporting many runtimes

The project provides lockfiles for every supported package manager. If you only have Python and a JS runtime, then you may instead run ./hatch_build.py. This will transparently invoke one of the ...
GitHub

repository-settings.md

Set Git repository settings and policies [!INCLUDE version-lt-eq-azure-devops] [!INCLUDE ai-assistance-mcp-server-tip] There are several ways to customize your Azure Repos Git repositories by using ...
Bleeping Computer

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...
Phys.org

UK's national soil database released as open-access repository

Cranfield University has launched a new soil and environmental online database and mapping tool, opening up detailed information about land in England and Wales. In collaboration with Defra, Cranfield ...
Bleeping Computer

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on ...