Security & Privacy
Attackers Slip Malware into Build Config Files, Bypassing GitHub PR Reviews
A compromised contributor's pull request looks legit—until build config files unleash hidden malware. This supply chain sneak attack is hitting 30+ repos right now.