Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Caledonian-Record

France’s parliament votes to repeal slavery-era Black Code, with tears and history in the chamber

French lawmakers have voted to repeal a 17th-century law that governed enslaved people in France's colonies. The National Assembly unanimously approved the bill to repeal the "Code Noir," a decree ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
Morning Overview on MSN

A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware into them, and then did something that, according to researchers at Mend.io, ...
TechRadar

This popular app builder is being abused to trick users - here's what we know

Cybercriminals abuse Bubble.io no-code platform to host phishing apps Trusted domain bypasses email security, tricking victims into Microsoft 365 credential theft Kaspersky warns technique likely to ...
GitHub

Constructor.io JavaScript Client

A JavaScript client for Constructor.io. Constructor.io provides search as a service that optimizes results using artificial intelligence (including natural language processing, re-ranking to optimize ...
The New Indian Express

Haute codes for the cold

For a brand built on the language of modern holiday dressing, snow was never meant to be a boundary. With Ski & Après Ski 2025, SHIVAN & NARRESH extend their sun-soaked codes into alpine terrain, ...
Indiatimes

Warming in Indian Ocean sees 70 cyclones in 17 years

Panaji: The frequency of cyclones has shown significant variations, with four cyclones recorded in 2024 and two so far in 2025, reflecting the ongoing impact of increased atmospheric warming in the ...
Bleeping Computer

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets. Rust crates are distributed ...
GitHub

Saves the code coverage collected during Cypress tests

Note: This plugin assumes that cypress is a peer dependency already installed in your project. Then add the code below to the supportFile and setupNodeEvents function. // cypress/support/e2e.js import ...