The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Hosted on MSN

I was tricked into eating another bug - a blind guy unboxing

You sent along a bunch of random packages and I opened them up. Most of them were super fun surprises and one of them was a little bit of a nasty surprise. I still love playing the game though. it’s ...
InfoWorld

Exciting Python features are on the way

Don’t miss the transformative improvements in the next Python release – or these eight great reads for Python lovers.
Hosted on MSN

South suburban man left with 150-plus unwanted packages after TikTok Shop glitch

Imagine dozens of packages piling up outside your home day after day—and you didn’t order a single one of them. For one south suburban Oak Forest man, a TikTok shipping glitch became a months-long ...
KTVU

Crime and Public Safety

A suspect who is possibly armed stole a UPS truck early Thursday morning and barricaded himself inside, engaging in a four-hour standoff with Fremont police, officials said. A suspect who is possibly ...