Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually ...
InfoWorld

Visual Studio Code previews chat customizations editor

Just-released Version 1.113 of Microsoft’s Visual Studio Code editor emphasizes improvements ranging from chat customizations ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

Redesigning business programming for the AI economy at Sac State

Artificial intelligence is rapidly transforming how organizations operate, analyze data, and develop new products. For ...

Mozilla introduces cq, describing it as 'Stack Overflow for agents'

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Innovative AS400 Modernization with AS/Forward Platform

Golden Path Digital, a frontrunner in enterprise modernization solutions, has today unveiled AS/Forward, a sophisticated ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...