Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Bleeping Computer

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...
Ubuntu

JavaScript Timestamp Bugs: How UTC Mistakes Break Web Apps

A cron job that worked perfectly for six months suddenly runs two hours early. A payment dashboard shows yesterday's revenue in today's column. Session tokens expire at unpredictable times. These bugs ...
CSOonline

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, ...
TWCN Tech News

OpenClaw not running on Windows PC [Fix]

If OpenClaw is not running on your Windows PC, this post will help you. As a first-time user, installing and running OpenClaw can be frustrating because the process is pretty complicated. However, the ...
english.mathrubhumi

Why Houthi drone attack on Israel signals a wider escalation in West Asia tensions

Tehran: The recent missile launch by Yemen’s Iran-backed Houthi group towards Israel signals a possible widening of the ongoing Middle East conflict. While intercepted, the strike has raised concerns ...
theregister

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JAVAONE Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop between Java, JavaScript, and Python. Java 26 will be supported for just six ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...