Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
XDA Developers on MSN

I got tired of hunting through Windows for every setting, so I built my own control center

I started this as a side project, but my Windows Command Center suddenly became useful.