News

The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
TechJuice

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
Wired

Why Did a $10 Billion Startup Let Me Vibe-Code for Them—and Why Did I Love It?

I asked my editors if I could go work at a tech startup. It was an unusual request. But I wanted to learn to vibe-code. My need to know felt urgent. I wanted to survive the future. The pitch process ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with ...
InfoWorld

What makes JavaScript great

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s ...

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have ...