Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account
Ad giant's cloudy arm to pay $30B in security shop deal Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have been to blame.…
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed
The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a "tamper-proof" record describing where, when, and how the software is produced.