Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Memeburn

Microsoft Flagged Mistral AI Hack in PyPI Malware Supply Attack

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
InfoWorld

Four cutting-edge tools for spec-driven development

Kiro, Spec Kit, Tessl, and Zenflow offer a more systematic and structured approach to developing with AI agents than vibe ...
Indian Defence Review on MSN

Twin Brothers Deleted 96 U.S. Government Databases Within an Hour After Being Fired, And Chatted About It the Whole Time

A Virginia software contractor deleted nearly 100 US government databases within minutes of being fired, with his twin ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
Dark Reading

Physical Cargo Theft Gets a Boost From Cybercriminals

Supply chain theft is no longer just criminal groups operating locally, but transnational cybercriminal syndicates exploiting ...
Tech Times

“Harness Engineering” Emerges as the Fourth Paradigm of AI Engineering

On Wednesday, a survey of 700 software engineering leaders across five countries found that AI coding tools have transformed their work faster than the industry’s measurement frameworks can track — ...
The Hacker News

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Silver Fox spreads ABCDoor via 1,600 phishing emails in 2026 targeting India and Russia, enabling data theft and remote ...

Disgraced US gov software contractor found guilty of database destruction

A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete ...
The Hacker News

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft spreads BirdCall via sqgame.net since late 2024, targeting Android users, enabling surveillance and data theft.
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
Dark Reading

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia

More than 1,600 malicious messages from the China-backed APT group deliver the previously undocumented ABCDoor backdoor and ...