Hackers penetrate Toptal’s GitHub account and leverage their privileged access to inject malicious code into the npm registry.

In July 2025, the freelance talent platform Toptal suffered a significant software supply chain breach after unidentified threat actors compromised its GitHub organization account. The impact went well beyond source code exposure: the attackers used that privileged access to push malicious code to the npm registry, exposing downstream consumers of the affected packages.
GitHub releases patches for vulnerabilities impacting multiple versions of GitHub Enterprise Server.

Following a report submitted through its bug bounty program, GitHub released patches for a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2025-3509, affecting multiple versions of GitHub Enterprise Server. There is no indication that the vulnerability was exploited in the wild before the patches were released.