The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

How to perform web scraping at scale

Web scraping is a process that extracts massive amounts of data from websites automatically, with a scraper collecting thousands of data points in a matter of seconds. It grabs the Hypertext Markup ...

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

PM to meet with Streeting ahead of King's Speech

Sir Keir Starmer is due to meet with mooted leadership rival Wes Streeting in Downing Street this morning – just hours before ...

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" ...

Big Mike's Burgers owner faces 39 felony evasion charges for alleged tax fraud

Michael Montano faces charges related to gross receipts taxes and personal income taxes. The investigation began in February ...

SNP is Scotland's biggest winner with pressure for independence vote likely to follow

Nearly 50 years after joining the SNP, John Swinney led his party to Holyrood victory – but crucially he failed to win the ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
The Indiana Lawyer

Indiana regulators awaiting final federal marijuana action as lawmaker drafts legalization bill

State Sen. Mike Bohacek announced on Monday his plans to draft 2027 legislation that would legalize medical marijuana in ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...