The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
Cryptopolitan

Reaper malware hijacks Script Editor to drain crypto wallets on macOS

Reaper malware targets macOS users via Script Editor to steal crypto wallets, browser passwords, and sensitive files.
Security Boulevard

Top 10 PAM Solutions for Securing Machine Identities and AI Agents

Today, privileged access is just as likely to come from a machine as a human. Service accounts, API keys, SSH keys, certificates, workloads, scripts, CI/CD pipelines, robotic process automation, and ...