devsecops 16

• SymJack Attack Weaponizes AI Coding Agents as Supply Chain Delivery Systems May 27, 2026
• Laravel-Lang Packages Poisoned to Exfiltrate CI Secrets May 25, 2026
• Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories May 25, 2026
• npm Launches Staged Publishing with 2FA Gating to Counter Supply Chain Attacks May 23, 2026
• Megalodon GitHub Attack Injects Malicious CI/CD Workflows into 5,561 Repos May 22, 2026
• Compromised Nx Console 18.95.0 Delivers Credential Stealer to 2.2M VS Code Users May 19, 2026
• GitHub Actions Supply Chain Attack Hijacks actions-cool/issues-helper Tags May 18, 2026
• node-ipc npm Package Compromised in Supply Chain Attack to Steal Credentials May 15, 2026
• Official Checkmarx Jenkins AST Plugin Backdoored with Infostealer May 11, 2026
• Unit 42 Maps npm Attack Surface: Wormable Malware, CI/CD Persistence, and Multi-Stage Chains Apr 24, 2026
• Bitwarden npm Supply Chain Attack Attributed to TeamPCP; Shai-Hulud Worm Component Identified Apr 24, 2026
• Checkmarx Supply Chain Attack Compromises Bitwarden CLI and KICS Analysis Tool Apr 23, 2026
• Trail of Bits Releases C/C++ Security Testing Handbook Chapter with LLM Bug-Finding Prompts Apr 9, 2026
• HackerOne Pauses Bug Bounties as AI-Driven Discovery Creates Remediation Backlog Apr 8, 2026
• AWS Launches S3 Files for Shared Bucket Mounts Apr 7, 2026
• Axios Infrastructure Targeted in Coordinated DDoS Apr 7, 2026