GitHub

With that access, threat actors can “poke around” various repositories and workflows and look…

eSecurity Planet content and product recommendations are editorially independent. We may make money when…

Shai-Hulud first emerged in September, revealed by the discovery that dozens of npm libraries,…

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a…

A malicious npm package named “@acitons/artifact” was found impersonating the legitimate “@actions/artifact” module, directly…

eSecurity Planet content and product recommendations are editorially independent. We may make money when…

Compliance and governance The Wiz findings highlight how exposed API keys can escalate into…

Oct 30, 2025Ravie LakshmananDevSecOps / Software Security Cybersecurity researchers have uncovered yet another active…

Introduction Primarily focused on financial gain since its appearance, BlueNoroff (aka. Sapphire Sleet, APT38,…

Introduction Back in 2024, we gave a brief description of a complex cyberespionage campaign…