Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...
cybernews

Race to tear down open source: copycats reusing TeamPCP’s code in NPM attacks

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...
WLWT

When will tickets for the 2026 Cincinnati Open go on sale?

A new year has arrived and organizers for the 2026 Cincinnati Open are already preparing for the upcoming tournament.This year’s tournament will bring the best tennis players in the world to the ...
Morning Overview on MSN

OpenAI asks all macOS users to update immediately after the TanStack attack forced the company to rotate its code-signing certificates

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...
EconoTimes

OpenAI Finds No Evidence of User Data Breach in TanStack npm Supply-Chain Attack

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...
Microsoft

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

Microsoft Defender is investigating a high-severity local privilege escalation vulnerability (CVE-2026-31431) affecting multiple major Linux distributions including Red Hat, SUSE, Ubuntu, and AWS ...