GitHub Package Security Issues

News

GitHub package limit put law firm in security bind

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...

Bleeping Computer3y

Open source 'Package Analysis' tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF ... the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages. This week, OpenSSF released its ...

Computing3mon

Lazarus Group hiding malware in GitHub and open-source packages

The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...

Computing2mon

GitHub supply-chain attack threatens 23,000 organisations

The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.

Some results have been hidden because they may be inaccessible to you

Show inaccessible results