Juliana Kelly (Nicholson) retweeted
Move fast (with guardrails).
1
1
31
Cloudsmith's Terraform provider now offers `cloudsmith_connected_repository`, enabling Infra-as-Code for managing connected repositories and #terraform #cloudsmith #infrastructureascode #devops
4
Your artifact registry and your deployment tool shouldn't be strangers. Cloudsmith decides what's allowed. @OctopusDeploy controls how it ships. Governance baked in, not bolted on. cloudsmith.com/blog/from-tru…
1
59
Join @cloudsmith, @rootlyhq, Mend.io, @ClickHouseDB, and @Docker in NYC for an evening of cocktails, conversations, and connections. 📍 Diamante’s | 410 8th Ave, NYC 📅 Wed, June 17 | 5:30-8:30 PM 🍸 RSVP: luma.com/odgqf98e?utm_source…
1
71
Details: techcrunch.com/2026/06/08/mi… Cloudsmith and OpenSourceMalware were the first to flag it. Microsoft temporarily removed ~70 repos; some have come back. Don't blindly open a package you have pulled into your AI editor.
33
Microsoft's own open-source tools were hacked. Target: AI developers' passwords. Attackers injected password-stealing malicious code into ~70 of Microsoft's GitHub projects. Affected: Azure tools and packages used with Claude Code, Gemini CLI, and VS Code. The mechanism is frightening: the moment you open the tool in your AI editor, your credentials go to the attacker. Cloudsmith and OpenSourceMalware caught it; Microsoft temporarily removed the repos. Second incident in 2 weeks (Durable Task in May). Lesson: verify every package you pull into your AI dev environment; "Microsoft's" does not mean "safe". Source in the first comment.
1
87
🚨 BREAKING: Miasma hit Microsoft. GitHub disabled 73 Microsoft repos across Azure, azure-samples, and MicrosoftDocs on June 5 — contained in 105 seconds. The targets: VS Code extensions, Azure DevOps utilities, and AI developer tools. Over 2,400 secrets exfiltrated. The game-changing detail: no malicious package install required. Credentials were stolen the moment a developer opened an infected repo in Claude Code, Gemini CLI, or any AI coding tool. And this is Microsoft's SECOND Miasma hit — Cloudsmith says the original May credentials were never fully rotated. If you cloned any Azure or Microsoft repo since May, rotate all your secrets now. 👇 bleepingcomputer.com/news/se…
1
58
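Microsoft's move this time is a bit outrageous. It simply took a batch of open-source projects on GitHub offline first, and the reason given is blunt: it is investigating whether someone stuffed a password-stealing trojan into the code. Many of the affected projects are related to Azure, along with a bunch of things developers use alongside AI coding tools, such as Claude Code, Gemini's command-line interface, and VS Code-related tools. Cloudsmith and OpenSourceMalware were the first to dig this up. According to them, once the malicious code is opened in an AI coding app, it can steal passwords and other sensitive credentials. That is pretty insidious. You think you are running a tool, and the tool empties your account first. It is still unknown how many people downloaded these tainted projects. Microsoft has also confirmed that it temporarily pulled the repositories itself, the reason being to continue the investigation.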
131
According to security firm @cloudsmith and community-driven malware analysis site @ossmalware, the malware allowed the hackers to steal the users’ passwords and other sensitive credentials when they opened the compromised tools in their AI coding apps.
120
Microsoft has cut off access to dozens of open-source projects on GitHub after hackers reportedly injected password-stealing malware targeting AI developers. @TechCrunch @zackwhittaker @Microsoft @github @cloudsmith #cybersecurity
1
348
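Microsoft has temporarily suspended access to multiple open-source projects it had published on GitHub. According to an investigation, attackers may have compromised the projects and inserted credential-stealing malware into the code. Many of the affected projects relate to Azure tooling and to developer tools used in AI development environments such as Claude Code, Gemini CLI, and VS Code. According to Cloudsmith and OpenSourceMalware, the inserted malware was able to steal passwords and other credentials when users opened the affected tools in an AI coding app. Microsoft has acknowledged making some repositories private for the investigation. Some repositories were restored after the investigation, while others remain suspended. Microsoft also said it individually notified a small number of users who may have been affected. However, it has not disclosed the number of affected users or downloads. It has been confirmed that at least 70 Microsoft-related projects were disabled on GitHub. The incident is seen as an example of a supply-chain attack targeting the software development supply chain. In addition, OpenSourceMalware points to the possibility that this is a re-compromise of Microsoft's open-source project "Durable Task", which was reported compromised in May. techcrunch.com/2026/06/08/mi…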
1
33
67
7,156
Cloudsmith and OpenSourceMalware flagged the breach. Microsoft confirmed it pulled the repos and notified a small number of customers who may have downloaded affected code. Some repos have been restored; others remain offline.
1
1
Microsoft GitHub has urgently taken down dozens of open-source repositories due to hacker attacks injecting password-stealing malware. Affected projects include Azure cloud services and popular AI development tools like IDEs, causing shock in the developer community. Security firms Cloudsmith and OpenSourceMalware first detected the anomaly...
1
2
58
The Belfast software firm/near unicorn @cloudsmith has appointed a CFO (Mark O'Connor) & a General Counsel (Dan Lascell). It’s the same guys who had previously been doing the work on an advisory basis. It’s the next step in getting the business on an IPO runway.
2
15
4,043
Simple n8n flow to monitor OSV for compromised packages and then scan my Cloudsmith mirror in case any have been downloaded.
3
1
60
13,234
Moved over my personal gear to @cloudsmith free tier for NPM/PyPI so I can at least answer the question "did I download that dodgy NPM package?". dotfiles updated for my machines to pull from a mirror. Logging works ok, just need to feed in my hostname somehow vs just IP. But the tradeoff is that I lose "min-release-age" protection as all assets are cached... baby steps xD
1
30
2,797
Economy Minister Dr @CArchibald_SF joined @softwareni CEO Neil Hutcheson and Margaret McCabe @bfastmet to launch the first Assured Skills Academy in software sales. Belfast Met will deliver the training at their E3 campus from Monday 3 August 2026 for eight weeks. Those who successfully complete Assured Skills Academies are guaranteed a job interview with supporting companies. Base salaries are in the range of £25,000 - £30,000. The Academy is in collaboration with seven employers: First Derivative - an Epam company (Newry), Everway (Antrim), ComplyFirst (Hillsborough) and Belfast firms SciLeads, Analytics Engines, Version 1 and Cloudsmith. 🔗Apply at: nidirect.gov.uk/articles/sof…
1
3
554
Dependabot and code scanning support OIDC authentication for Cloudsmith and Google Artifact Registry at the organization level. • Org admins can set OIDC credentials to get short-lived tokens from cloud identity providers github.blog/changelog/2026-0…

1
12
2,047