Supply Chain Attacks Don't Wait for CVEs
Supply chain attacks on npm and GitHub Actions are exploiting the gap between malicious package publication and CVE issuance, with attackers publishing compromised versions that are installed by thous…
Supply chain attacks on npm and GitHub Actions are exploiting the gap between malicious package publication and CVE issuance, with attackers publishing compromised versions that are installed by thous…
On May 11, 2024, TanStack suffered a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious versions within six minutes. The attackers exploited GitHub Actions c…
On May 15, 2026, from 07:43 to 08:48 UTC, GitHub Actions experienced a degradation that caused 42% of workflow runs to fail or start late, triggered by a planned infrastructure failover that led to in…
On May 11, 2026, an attacker compromised the TanStack Router/Start repository and published 84 malicious npm package versions across 42 packages by exploiting a pull_request_target vulnerability, GitH…
GitHub Actions hosted runners in the East US region experienced degraded performance on May 5, 2026, from approximately 13:22 UTC to 17:05 UTC, causing 13.5% of standard runner job failures and roughl…
The article announces the launch of a rebuilt version of Deno Deploy, a hosting platform rebuilt from scratch for greater flexibility and power. New features include an integrated CI/CD build pipeline…