The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Big Bend steel fabricator's longtime shop site sells for $1.3M

Preview this article 1 min The 3-acre property at Big Bend Industrial Park has housed the company since at least 2001. Women ...

Security News This Week: Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite ...
Opinion

AI is a runaway train. Businesses risk repeating a decade of failed digital transformation

In the wrong hands, AI adoption can be awful, in particular because so many of the people trying to roll it out fail to consider the workers who are being asked to use it, writes Karima-Catherine Goun ...
JD Supra

When the worm targets the assistant: Miasma turns AI coding agents into the trigger

GitHub disabled 73 repositories across four Microsoft organizations on June 5 after the self-replicating supply-chain campaign known as ...

New Kinaxis CEO bets Ottawa supply chain software company will be a SaaS-pocalypse winner

There are reasons to share Mr. Gaurav’s optimism. Maestro is mission-critical software for giants including Ford, Lockheed ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...
LGBTQ NationOpinion

The attacks on James Talarico’s masculinity hurt everyone, including the people who lob them

Societal heterosexism and cissexism prevent some LGBTQ people from developing authentic self-identities and add to the ...

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.