The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
ITWeb on MSN

The Open Group launches the Open Footprint® standard, edition 1.0 to streamline scope 1, 2, and 3 emissions management

The Open Group Launches the Open Footprint® Standard, Edition 1.0 to Streamline Scope 1, 2, and 3 Emissions ManagementBusiness Wire via ITWeb,SAN FRANCISCO, 02 Jun 2026The Open Group, the ...
SecurityWeek

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have this malware installed?
Security Boulevard

Axios Front-End Library npm Supply Chain Poisoning Alert

On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the ...
The Business Journals

Starbucks expands corporate offices to Nashville

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 3 min The Fortune 500 business and ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.
GitHub

code-423n4/2026-02-injective

Since this audit includes live/deployed code, all submissions will be treated as sensitive: The peggy rate limit feature enforces a maximum absolute mint limit over which new deposits cannot make it ...
IEEE

Scoped: Evaluating A Composite Visualisation of the Scope Chain Hierarchy Within Source Code

Abstract: This paper presents two studies that evaluate the effectiveness of a software visualisation tool which uses a com-posite visualisation to encode the scope chain and information related to ...
Bleeping Computer

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated ...
Bleeping Computer

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...
InfoWorld

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

A sophisticated supply chain attack has compromised the widely-used Nx build system package and exposed thousands of enterprise developer credentials. The campaign weaponized artificial intelligence ...