ニュース

毎週200万回以上ダウンロードされる人気の@ctrl/tinycolorパッケージが ...

2025年9月15日、週に200万回以上ダウンロードされる人気のNPMパッケージ「@ctrl/tinycolor」が40以上の他のパッケージと共に侵害されていると、セキュリティ企業のStepSecurityが報告しました。この巧妙なサプライチェーン攻 ...

Blacksmith Raises $10M to Unblock AI Development with Fast CI for GitHub Actions

Continuous Integration (CI) shouldn't be the part of the day developers dread — but too often it's slow, costly, and unpredictable. In the era of AI and AI agents, where iteration speed determines ...

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
Infosecurity-magazine.com

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
CSO Online

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.

Google Ventures doubles down on dev tool startup Blacksmith just 4 months after its seed round

Blacksmith, a Y Combinator alum, raised $10M Series A led by Google Ventures to cut costs and speed up software builds.

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...