GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.

RubyGems maintainer quits after Ruby Central takes control of project

A decade-long RubyGems maintainer, Ellen Dash (also known as duckinator), has resigned from Ruby Central following what she ...

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...

CISA flags some more serious Ivanti software flaws, so patch now

In a new security advisory, CISA said it was tipped off on cybercriminals using CVE-2025-4427, and CVE-2025-4428 - both ...