GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...
Cybernews

GitHub confirms breach after hackers put stolen source code up for sale

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...
InfoWorld

Visual Studio Code extension flags NPM vulnerabilities

Security developer Snyk has published a free extension for Microsoft’s popular Visual Studio Code editor that finds vulnerabilities in NPM packages. Introduced April 2, the open source Snyk Vuln Cost ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...