1 | Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push (stepsecurity.io) | 5 | varunsharma07 | 12d ago | 1
2 | Show HN: Scan your dev machine for AI agents, MCP servers, and IDE extensions (github.com) | 9 | varunsharma07 | 14d ago | 0
3 | Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live (stepsecurity.io) | 2 | varunsharma07 | 17d ago | 0
4 | Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far (stepsecurity.io) | 27 | varunsharma07 | 25d ago | 4
5 | GitHub Actions is left vulnerable to supply chain attacks: Datadog Report (datadoghq.com) | 4 | varunsharma07 | 28d ago | 0
6 | Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (stepsecurity.io) | 12 | varunsharma07 | 1mo ago | 1
7 | Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage (stepsecurity.io) | 1 | varunsharma07 | 3mo ago | 1
8 | Popular Nx Build System NPM Package Compromised with Data Stealing Malware (stepsecurity.io) | 10 | varunsharma07 | 7mo ago | 2
9 | Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters (stepsecurity.io) | 3 | varunsharma07 | 7mo ago | 1
11 | eslint-config-prettier npm package compromised (stepsecurity.io) | 74 | varunsharma07 | 8mo ago | 11
12 | Grafana GitHub Actions Security Incident (stepsecurity.io) | 10 | varunsharma07 | 11mo ago | 0