The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Bleeping Computer

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
TWCN Tech News

Bulk install Windows apps with Winstall GUI for Windows Package Manager

Winstall is a website that can create a script based on app selection. When you run this script on Windows 10 PC, it will install all the apps you had selected on the website. While it lists some of ...
Hosted on MSN

Trump vents at NATO but avoids rupture after meeting with alliance’s leader

President Donald Trump appeared to hold back on Wednesday from taking dramatic action to reshape the U.S. relationship with NATO after a high-stakes meeting with its top leader, postponing for now the ...