The Hacker News

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Morning Overview on MSN

Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software supply chain

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...
Milwaukee Journal Sentinel

Schimel says Baldwin's opposition to his appointment blindsided him

U.S. Sen. Tammy Baldwin opposes the term extension of interim U.S. Attorney Brad Schimel, citing concerns about partisanship. Schimel stated he was blindsided by the opposition and that his office is ...
Wired

You Can Now Install—and Update—Microsoft Store Apps Using the Command Line

I can't stand opening the Microsoft Store. It's slow to load, confusing to browse, and full of ads for things I don't care about. Luckily, thanks to a new feature, I don't have to open the Microsoft ...