Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
The Guardian

Never mind the lit-bros: Infinite Jest is a true classic at 30

Forget its reputation as a performative read for a certain breed of intense young man, thirty years after its publication, David Foster Wallace’s epic novel still delivers, says the Crying in H Mart ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
CoinDesk

Lighter DEX launches LIT token with 25% airdrop

Perpetuals-focused Ethereum-based Layer 2 decentralized exchange (DEX) Lighter has announced the debut of its native cryptocurrency, the Lighter Infrastructure Token (LIT), to align traders, builders, ...
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Bleeping Computer

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The ...
The New York Times

Laszlo Krasznahorkai Is Awarded Nobel Prize in Literature

The prize committee said the Hungarian writer’s work “reaffirms the power of art.” By Alex Marshall and Alexandra Alter Laszlo Krasznahorkai, a Hungarian novelist known for his dystopian themes and ...
CNN

Hungary’s László Krasznahorkai wins Nobel Prize in literature for work confronting ‘apocalyptic terror’

The 2025 Nobel Prize in literature has been awarded to László Krasznahorkai, a Hungarian writer who said his dark and difficult novels aim to examine reality “to the point of madness.” Announcing the ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...