The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The good news is there's already a patch. The bad news is that the fix isn't available for all Linux distributions yet.
Bleeping Computer

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...