TechRepublic

How GitHub Is Securing the Software Supply Chain

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
CSO Online

AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning

CyberStrikeAI lowers the barrier to complex cyberattacks by combining AI orchestration, MCP integration, and more than 100 ...
Ars Technica

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Bleeping Computer

Microsoft open-sources VS Code Copilot Chat extension on GitHub

Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. This provides the community access to the full implementation of the chat-based coding ...