The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Mountaineers’ ascent to CWS started after fortuitous decision to keep program after entry to Big 12

West Virginia will make its first appearance in the College World Series on Friday when it meets Troy in Omaha, Nebraska.
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Goodbye, Mall at Fox Run: Demolition making way for Seacoast Landing

Demolition of Savers and Newington Park Shopping Center begins. Mall at Fox Run is next. Here's what we learned about ...

Last chance to file claims in Trader Joe's settlement. How to get money

Trader Joe's shoppers, you could be eligible for a payout. The deadline to file a claim is just days away.

Is the government spying on you? Congress seems to think so.

Congress is struggling to extend a key surveillance law — in part due to privacy concerns and to Trump's pick of Bill Pulte ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

DocLang aims to make documents readable by AI, not humans

Its launch raises the question of what impact a new format will have on human workers, as well as on governance and ...

Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...