InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...

Unofficial script lets you install unreleased Windows 11 features without Microsoft Account0 0

This unofficial script enables users to install and access unreleased Windows 11 features while bypassing the requirement for ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Cryptopolitan on MSN

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
Hosted on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages that were connected to SAP’s Cloud Application Programming Model were stolen. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers.
GitHub

pipa (枇杷) - A fast, minimal ES2023 JavaScript runtime built in Rust.

No external C libraries or system dependencies for the above — everything is implemented from scratch in Rust.
GitHub

jaywcjlove/awesome-mac

This project is dedicated to collecting high-quality macOS software and organizing them systematically by different categories for easy search and use. - jaywcjlove/awesome-mac ...