GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say

GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide.