Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually ...

Neovim 0.12 with native plugin manager

Neovim 0.12 introduces a native plugin manager and puts an end to "Press ENTER". The goal is an out-of-the-box editor.
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
VnExpress International on MSN

Vietnamese teen accused of creating malware that infected 94,000 computers worldwide

A 12th-grade student in Thanh Hoa Province has been accused of developing malicious software and selling it to cybercrime ...
MUO on MSN

Your spare laptop is about to become the cheapest NAS alternative you'll find

Your old laptop is about to outwork that overpriced NAS box ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...
eWeek

Put Mac Tasks on Autopilot with Claude

Apple's freshly minted iOS 26.4 packs more punch than a double-shot macchiato. Headlining the release is Playlist Playground ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...