The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
Fox Business

Product Recalls

Macy’s is recalling about 4,600 Arch Studio tea kettles after reports the handle can detach when heated, posing a potential burn hazard. Federal regulators reannounced a recall of 429,000 Casely ...
Fox Business

Food and Drinks

Anheuser-Busch announces a $600 million U.S. investment to boost domestic production, expand veteran hiring and launch 15 new training centers. Papa John's customers were outraged over a box message ...
Yahoo Finance

Northern Trust 2055 Tax-Exempt Distributing Ladder ETF (MUND)

The above button links to Coinbase. Yahoo Finance is not a broker-dealer or investment adviser and does not offer securities or cryptocurrencies for sale or facilitate trading. Coinbase pays us for ...