The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Indian Motorcycle campaign against Harley tied to Trump campaign leader

Brad Parscale, President Trump’s ex-campaign manager, may be leading Indian Motorcycle’s wider brand and positioning work ...

Flashbacks to the dot-com crash show investors are ignoring the math again

In 2002, with the dot-com wreckage still smouldering, Sun Microsystems’ chief executive officer Scott McNealy was asked about ...

The next YouTube phenomenon hitting the big screen

The Amazing Digital Circus: The Last Act. TADC is one of the most successful animated series on YouTube, and one of the ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...

Door County's 2026 theater season is starting. Here's what's playing

Here's a look at what Door County's four professional theater companies and one community theater bring to their stages for ...