Dark Reading

Hackers Post Dozens of Malicious Copycat Repos to GitHub

Cybercriminals continue to sneak malicious repositories onto GitHub. Typosquatting, dependency confusion, and other types of cyberattacks precipitated through malicious packages are old and common ...
Ars Technica

10 malicious Python packages exposed in latest repository attack

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
InfoWorld

nbdev v2 review: Git-friendly Jupyter Notebooks

Add-on to Jupyter Notebooks enables a literate Python development style that gives you high-quality documentation, tests, continuous integration, and packaging for free. There are many ways to go ...
Bleeping Computer

Public GitLab repositories exposed more than 17,000 secrets

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog ...