The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Korda wins U.S. Women’s Open title with perilous final putt to claim her second straight major

Nelly Korda won the 81st U.S. Women’s Open on Sunday for her second consecutive major victory, holding off Charley Hull and ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Ten years ago, death grabbed me by the throat. I was saved by the system – and a stranger

Ten is a foundation of mathematics, a cornerstone of the decimal system. It suggests completion, but also a building block.

Music Review: Olivia Rodrigo’s ‘You seem pretty sad for a girl so in love’ is her best work yet

Olivia Rodrigo's third album, “You seem pretty sad for a girl so in love,” is her best yet, writes The Associated Press music ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

What server logs reveal that SEO tools miss

Search engines leave behind a detailed record of every visit. Here's how that data helps uncover hidden SEO issues at scale.
Cryptopolitan on MSN

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...