Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
Morningstar

Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in ...

New capability for the Salt Illuminate™ platform moves discovery "From Code to Context," identifying risky MCP servers and shadow APIs before deployment. With GitHub Connect, Salt enables customers to ...