The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Tatjana Maria surprised at Queen’s wild card snub despite being defending champion

Defending Queen’s champion Tatjana Maria said she was surprised not to receive a wild card into this year’s HSBC ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

American writer Julia Elliott wins Carol Shields Prize for Fiction for short-story collection Hellions

South Carolina writer Julia Elliott has won the 2026 Carol Shields Prize for Fiction for her short-story collection Hellions.

RBC’s insurance head to depart two years into group executive role

Royal Bank of Canada RY-T is restructuring the leadership of its insurance arm, changes driven by the departure of the division’s head. Jennifer Publicover, who runs RBC Insurance, is leaving the bank ...
Huffington Post UK

You Might Have Fallen For This CAPTCHA Scam Without Realising — Here's What To Do Now

You’ve likely seen it in the form of quick tasks like deciphering distorted text, identifying objects in images or simply checking the “I’m not a robot” box. These steps help websites prevent ...
GitHub

2026-05-01-WebSocket-Backdoor-Campaign-Injecting-Credit-Card-Skimmers.txt

- Obfuscated JavaScript creates a WebSocket backdoor using dynamically executed JavaScript. - The WebSocket sends an obfuscated JavaScript payload to inject a credit card skimmer into the webpage. - ...