Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Kansas farmers hit hard by weather extremes and growing costs, wheat crop could be worst since 1972

Orville Williams has had a healthy wheat crop on his 2,600-acre farm in Montezuma, Kansas, every year since he was a teenager ...

Posts linking Covid jabs to hantavirus misuse Pfizer, WHO documents

A rare hantavirus outbreak on an Atlantic cruise ship has reignited conspiratorial Covid-era misinformation, with posts ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

New RNA tool maps structure and motifs across organisms and viruses

Researchers at the University of Würzburg have unveiled a new tool for analyzing RNA molecules. It visualizes their ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.