Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
Infosecurity Magazine

Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets

Red Hat's official npm namespace has been hijacked to push backdoored package versions built to steal cloud and developer ...
SecurityWeek

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...
GIGAZINE

The popular JavaScript library suite 'TanStack,' which is downloaded millions of times every week, has been hit by a supply chain attack; development environments with the ...

A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...
Task & Purpose

Marines on way to Middle East seen using rifles with anti-drone smart scope

Add Task & Purpose (opens in a new tab) More information Adding us as a Preferred Source in Google by using this link indicates that you would like to see more of our content in Google News results.
The Hill

Iran calls for human chains around power plants ahead of Trump deadline

Iranian officials on Tuesday urged their people to form human chains around power plants as the country faces a deadline set by President Trump to reopen the Strait of Hormuz or risk major strikes on ...
CSOonline

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Deadline.com

Kidnap Thriller ‘The Chain’ Lands Straight-To-Series Order At HBO With Damon Lindelof As Showrunner

Damon Lindelof is getting back into showrunning with a new kidnap thriller at HBO. The Warner Bros Discovery-owned cable network has handed The Chain a straight-to-series order. Based on Adrian ...