SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Dark Reading

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...
Cyber Daily

The industry speaks – part 2: World Password Day 2026

However, the biggest human element threat in 2026 isn’t just password reuse – it’s the accidental insider threat created by ...
Hosted on MSN

White House app found with hidden GPS tracking, weak security

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code ...
GitHub

MichaelXF/js-confuser-vm

Requires Node v24.13.1 or higher ES5 support only. No complex features: async, generator, and even try..finally aren't supported. Experimental. Expect issues. Try the ...