The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Morning Overview on MSN

ZX Spectrum with 48KB RAM pulls off a Kerbal moon landing

YouTuber and orbital mechanics expert Scott Manley has successfully landed a virtual Kerbal astronaut on the Mun, the in-game moon of Kerbal Space Program, using a ZX Spectrum home computer equipped ...
XDA Developers on MSN

I automated my entire read-it-later workflow with a local LLM so every article I save gets summarized overnight

No more fighting an endless article backlog.
Security Boulevard

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

They Will Kill You review – satanic beat-’em-up offers gore, bad jokes and deja vu

A housekeeping role turns into a fight for survival in a derivative cocktail of action, comedy and horror that doesn’t go down all that well ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
Global Investigative Journalism Network

Analyzing Job Posting Data to Investigate the African Labor Behind AGI Hype

In the AI economy, hundreds of thousands of digital workers — or “gig workers” — from around the world are tasked with ...

The best adverts of the 2000s

For many, the best ads of the 2000s bring back floods of nostalgia. A snapshot of a unique moment in time, these memorable ...