The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...
Opinion

Around 10 'new' victims in France's Epstein probe have come forward, prosecutor says

A document that was included in the US Department of Justice release of the Jeffrey Epstein files, 10 February, 2026 ...

Musk loses OpenAI court battle after jury finds he waited too long to sue

Jurors spent nearly a month hearing and viewing evidence in the high-profile trial, where Musk had accused Altman of ...

Google’s Mueller On Why AI-Built Websites Miss SEO Basics

AI tools can build websites fast, but Mueller says they won't set up your canonicals, sitemaps, or robots.txt unless you tell ...
Dark Reading

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Don King-linked jai alai arena files Chapter 11. Is housing in future?

An entity of legendary boxing promoter Don King, who introduced the world to Muhammad Ali and Mike Tyson, owned the Palm ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...