1. Codfish/semantic-release-action GitHub Action has been compromised (stepsecurity.io) | 4 | varunsharma07 | 22h ago | 0
2. Multiple mastra NPM packages compromised (github.com) | 4 | varunsharma07 | 8d ago | 1
3. Ongoing NPM supply chain attack uses binding.gyp to spread like a worm (github.com) | 6 | varunsharma07 | 21d ago | 0
5. NX VS Code extension compromised again (github.com) | 4 | varunsharma07 | 1mo ago | 0
6. Actions-cool/issues-helper GitHub Action Compromised (github.com) | 3 | varunsharma07 | 1mo ago | 0
7. Malicious node-IPC Versions Published to NPM (github.com) | 6 | varunsharma07 | 1mo ago | 2
8. Postmortem: TanStack NPM supply-chain compromise (tanstack.com) | 1097 | varunsharma07 | 1mo ago | 465
9. Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push (stepsecurity.io) | 5 | varunsharma07 | 3mo ago | 1
10. Show HN: Scan your dev machine for AI agents, MCP servers, and IDE extensions (github.com) | 9 | varunsharma07 | 3mo ago | 0
11. Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live (stepsecurity.io) | 2 | varunsharma07 | 3mo ago | 0
12. Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far (stepsecurity.io) | 27 | varunsharma07 | 3mo ago | 4
13. GitHub Actions is left vulnerable to supply chain attacks: Datadog Report (datadoghq.com) | 4 | varunsharma07 | 3mo ago | 0
14. Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (stepsecurity.io) | 12 | varunsharma07 | 4mo ago | 1
15. Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage (stepsecurity.io) | 1 | varunsharma07 | 6mo ago | 1