Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

BTMOB Android malware service generates custom phishing payloads

An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware ...

CrowdStrike and Google shut down glassworm malware network targeting software developers

CrowdStrike, alongside Google and the Shadowserver Foundation, has disrupted the Glassworm botnet used to spread malware ...

My new favorite Windows app made my PC safer and more reliable - and it's free

Downloading executable installer files from random websites is the best way to put malware on your Windows PC. Stop doing ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Microsoft Reveals How One Hacked Identity Triggered a Massive Cloud-Wide Breach

Microsoft says Storm-2949 used one hacked identity to infiltrate cloud systems, steal sensitive data, and spread across Azure ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...
Bulletin of the Atomic Scientists

The Andes hantavirus ship outbreak: Lessons from a dress rehearsal

A hantavirus outbreak on a cruise ship has now infected 10, killed three, and left more than 100 people quarantining in the ...