Popular Windows 11 file manager Files gets improved tags, layouts, and new OneDrive icon

A new version of Files, a popular file manager for Windows 10 and 11, is out with improved folder size calculation, a new ...
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Is India’s exam system really secure? NTA portal breached, superadmin access bypassed; JEE Advanced data exposed

Dubai-based cybersecurity researcher Rylan Anil has claimed that he identified a major security lapse in the NTA’s official re-examination portal.

OneDrive is getting an AI feature that names your files so you don’t have to

Copilot Suggested Rename is coming to OneDrive on the web in June 2026, using AI to analyze your file's content and suggest three descriptive names inside the rename dialog.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...