Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
MUO on MSN

This Linux shell gives you the terminal features Bash forgot to add

Finally a terminal that treats modern Linux tools as the baseline, not an afterthought.

SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...

Git is unprepared for the AI coding tsunami

Perhaps most notable is Jujutsu, a Git-compatible distributed version control system, stewarded by Google senior software ...
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
The Hacker News

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

PamDOORa Linux backdoor abuses PAM modules for SSH persistence and credential theft, increasing Linux server compromise risks ...
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

Ars Asks: Share your shell and show us your tricked-out terminals!

Exposure therapy to the bash shell brought me to the tipping point, and I jumped ship to the Macintosh side of the house. It ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Hosted on MSN

Lightweight bash script combines five productivity tools in one

A Linux developer has released a compact Bash script, 'prod', that integrates note-taking, task management, scheduling, a pomodoro timer, and an address book into under 300 lines of code. Written ...