Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
Techlomedia

GitHub Investigating Unauthorized Access to Internal Repositories, Says Customer Data Not Impacted

GitHub has confirmed that it is investigating unauthorized access to some of its internal repositories. The company shared ...
techwireasia.com

ESET invests $40 million in AI cybersecurity at ESET World 2026

ESET announced a $40 million AI cybersecurity investment to secure AI systems. ESET outlined OpenClaw risks, launched ESET Private, and entered network security. ESET has announced a $40 million ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...