A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
CERT-UA links the AgingFly credential-stealing campaign to phishing, browser theft, and modular remote access.
Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.