SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

FedEx expands ServiceNow partnership

The multi-year initiative integrates intelligence from FedEx Dataworks with artificial intelligence to automate sourcing ...

Florida gas prices drop 7 cents but relief may be short-lived as oil surges on Iran tensions

Florida drivers enjoyed four straight days of declining gas prices, but President Donald Trump's statement on Iran ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Caledonian-Record

2 Millionen Downloads in sechs Monaten: Die mehrsprachige App von Tabelog vereinfacht die Restaurantsuche für Japan-Reisende

Services zur Restaurantsuche und Reservierung, betrieben von Kakaku.com, Inc., hat bekannt gegeben, dass seine mehrsprachige ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
AARP

Free Smartphone Apps Can Have Hidden Privacy Risks

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again. Ends 5/15/26! Stay confident in today’s economy with useful ...