Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
InfoWorld

First look: Mojo 1.0 mixes Python and Rust

Milestone Mojo release reveals a systems programming language with precise control over memory, strong types, GPU programming ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, ...

Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack

Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
Ecommerce Fastlane

SaaS Development Costs in 2026: Real Budgets, Timelines & Honest Answers — Phenomenon Studio

Phenomenon Studio reveals what SaaS, ERP, and digital product development actually costs in 2026. Real project budgets, ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

AI is finding software bugs faster: Can crypto patch them fast enough?

AI is accelerating software vulnerability discovery, increasing pressure on crypto firms to track CVEs, patch systems faster ...
The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...
Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...