New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
BeInCrypto

What Are Pre-IPO Tokens? How Tokenized Private Equity Works

Pre-IPO tokens give retail investors fractional exposure to private companies like SpaceX. Learn how they work, the risks, and where to buy them.

You’re about to feel the AI money squeeze

The Verge’s senior AI reporter. An AI beat reporter for more than five years, her work has also appeared in CNBC, MIT ...
CoinDesk

How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security

DeFi leaders say that AI will arm both attackers and defenders, and widen the gap between projects that prioritize security ...

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...
eWeek

Unauthorized Group Gains Access to Anthropic’s Mythos AI

Anthropic is investigating reports that unauthorized users accessed its Mythos AI tool via a vendor, raising cybersecurity ...
Forbes

Top 10 Cryptocurrencies Of April 7, 2026

Farran Powell is the managing editor of investing at Forbes Advisor. She was previously the assistant managing editor of investing at U.S. News & World Report. Her work has appeared in numerous ...