New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
CoinDesk

A $300 million borrowing spike on Aave signals liquidity crunch after KelpDAO exploit

The aftershocks of the Saturday's KelpDAO hack are spreading through stablecoin markets in ways that were not immediately ...
eWeek

AI’s Double Launch Day: Claude 4.7 Surges, OpenAI Reinvents Codex

Anthropic’s Claude 4.7 and OpenAI’s Codex launch back-to-back, boosting AI coding power while quietly increasing token costs ...