Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Hacker News

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Operation FlutterBridge is a macOS malvertising campaign spreading FlutterShell, a Flutter-based backdoor with adware ...

Russia to bolster air defences after damaging Ukrainian drone attacks

Recent drone attack hit Kronstadt naval base and an oil terminal near St. Petersburg in an embarrassing blow to Putin ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
LGBTQ NationOpinion

The attacks on James Talarico’s masculinity hurt everyone, including the people who lob them

Societal heterosexism and cissexism prevent some LGBTQ people from developing authentic self-identities and add to the ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

New SF LGBT Center executive director takes helm amid federal attacks

The Center serves as a third space for the community and often the first stop for people arriving in San Francisco. Valles ...
LGBTQ NationOpinion

With its efforts to placate Trump, business is proving once again that it is a fickle LGBTQ+ ally

Companies that once boasted they were LGBTQ+ friendly are jettisoning their support to protect their bottom line.