News

SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Clever advertising scam with Android apps busted after all

A new scam to covertly retrieve advertising surprises security researchers. Google had to delete over 200 apps from the Play ...

Warning about data-stealer spreading through software used by millions of programmers

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a ...
Cybernews

Hundreds of NPM packages compromised as ongoing supply chain attack snowballs out of control

Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...

Microsoft turns to Anthropic's AI for Visual Studio Code, raising eyebrows about OpenAI ties

Microsoft is signaling a shift in its AI priorities, favoring Anthropic's Claude Sonnet 4 over OpenAI's GPT-5 models in its flagship developer tool, Visual Studio Code.

Why not starting Vinicius Jr. in Real Madrid's opening Champions League match was a mistake by Xabi Alonso

The Spanish manager decided not to include Vinicius Jr. in the starting lineup against Marseille on Tuesday and it nearly ...