Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Payload Asia

Skyworks Solutions: Why collaboration, not cost, defines a shipper of choice

Courtesy of Skyworks Solutions. When Skyworks Solutions was named Shipper of Choice – Collaboration at the 12th Payload Asia Awards, the recognition reflected more than strong t ...
Dark Reading

Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider ...

Experts find Google API keys are still usable, even after you delete them

For more than 20 minutes after deletion, some Google API keys can still be used, apparently creating a major security gap.
Memeburn

OpenAI code security issue: Hackers steal internal data in 2026

OpenAI confirms a severe 2026 supply chain attack compromised internal repositories. Discover how this TanStack security ...

Reddit's API protest just got even more NSFW

All of this led to the subreddit officially being marked NSFW on Monday. Elsewhere, other Reddit communities are continuing ...

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...

Page 2: OpenTelemetry for MemoryCache

The fourth preview brings new methods to existing classes in the .NET base class library and a new configuration file for ...
The Hacker News

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...