The Hacker News

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

-- scripts.lua

-- Manages the SCRIPTS tab: built-in entries + auto-load from scripts.json -- Fix: clears ALL script buttons (including built-in) before reload to prevent doubling local BG = COLORS.Panel or ...
GitHub

OLMo-3-1025-7B-midtrain.py

OLMo-core / src / scripts / official / OLMo3 / OLMo-3-1025-7B-midtrain.py tyler-romero Olmo3 model cards, checkpoint manifest, and readme (#468) ...