GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
MUO on MSN

Local LLM setup: how to use RAG and an embedding model to stop wasting context

Local LLMs degrade fast when context fills up. An embedding model and RAG pipeline fixes that — and runs entirely on your ...
Cryptopolitan on MSN

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
Techlomedia

GitHub Investigating Unauthorized Access to Internal Repositories, Says Customer Data Not Impacted

GitHub has confirmed that it is investigating unauthorized access to some of its internal repositories. The company shared ...
CoinDesk

Kraken unveils Bitcoin Vault, expanding yield push for BTC holders

The new earn product lets users generate BTC-denominated rewards through DeFi strategies while keeping exposure to bitcoin’s ...
American Banker

Fed's Cook: Tokenization won't replace traditional finance

Federal Reserve Gov. Lisa Cook in 2024. Federal Reserve Gov. Lisa Cook said Friday that tokenization is unlikely to replace traditional finance, but instead could add efficiency across the financial ...
Blockonomi

Kraken Rolls Out Bitcoin Vault to Simplify BTC Yield Generation

Kraken launches Bitcoin Vault to help BTC holders earn passive income through DeFi lending while keeping full exposure to the ...
Global Finance

DTCC Launching Tokenization for $114T Asset Market This July

Just-in-time account funding may be right around the corner as tokenization provides real-time capabilities. Banks, broker-dealers, and clearing agencies could soon reduce capital buffers as ...