The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
Redmondmag.com

GitHub Expands Copilot to Teams, Strengthens npm Security and Adds Enterprise Usage Tools

GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.
Security Boulevard

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source ...
Crypto News

Leaked Code Reveals MetaMask Is Launching In-Wallet Perpetuals Trading using Hyperliquid

Leaked code has shown MetaMask is preparing in-wallet perpetuals trading with Hyperliquid, expanding decentralized ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Vibe coding startup Emergent nabs $23M in funding

Emergent Labs Inc., a startup with an artificial intelligence platform for building applications, today announced that it has ...
InfoWorld

Down and out with Cerebras Code

Cerebras’s hosted Qwen3 Coder service promised to be the Claude replacement many developers craved. We’re losing hope.
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

OpenAI has new agentic coding partner for you now: GPT-5-Codex

From cloud hand-offs to GitHub reviews, GPT-5-Codex is optimized for agentic coding and designed to supercharge developer workflows.

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...