1. Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push (stepsecurity.io) | 5 | varunsharma07 | 1mo ago | 1
2. Show HN: Scan your dev machine for AI agents, MCP servers, and IDE extensions (github.com) | 9 | varunsharma07 | 1mo ago | 0
3. Xygeni/xygeni-action GitHub Action is compromised – poisoned tag is still live (stepsecurity.io) | 2 | varunsharma07 | 2mo ago | 0
4. Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far (stepsecurity.io) | 27 | varunsharma07 | 2mo ago | 4
5. GitHub Actions is left vulnerable to supply chain attacks: Datadog Report (datadoghq.com) | 4 | varunsharma07 | 2mo ago | 0
6. Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (stepsecurity.io) | 12 | varunsharma07 | 2mo ago | 1
7. Harden Runner Detected the SHA1-Hulud Supply Chain Attack in CNCF's Backstage (stepsecurity.io) | 1 | varunsharma07 | 5mo ago | 1
8. Popular Nx Build System NPM Package Compromised with Data Stealing Malware (stepsecurity.io) | 10 | varunsharma07 | 8mo ago | 2
9. Suspicious Tag Change in AWS's GitHub Action: What Happened and Why It Matters (stepsecurity.io) | 3 | varunsharma07 | 8mo ago | 1
11. eslint-config-prettier npm package compromised (stepsecurity.io) | 74 | varunsharma07 | 9mo ago | 11