The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Breaking down the teams playing for a national championship at the College World Series

The College World Series opens in Omaha, Nebraska, on Friday with Troy and West Virginia squaring off in a matchup of ...

Last chance to file claims in Trader Joe's settlement. How to get money

Trader Joe's shoppers, you could be eligible for a payout. The deadline to file a claim is just days away.
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Goodbye, Mall at Fox Run: Demolition making way for Seacoast Landing

Demolition of Savers and Newington Park Shopping Center begins. Mall at Fox Run is next. Here's what we learned about ...

DocLang aims to make documents readable by AI, not humans

Its launch raises the question of what impact a new format will have on human workers, as well as on governance and ...

Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...

Is the government spying on you? Congress seems to think so.

Congress is struggling to extend a key surveillance law — in part due to privacy concerns and to Trump's pick of Bill Pulte ...