The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
Tech Xplore

What confusing code does to developers: Brain and eye tracking reveal surprise response

How do software developers respond when they come across code they do not intuitively understand? Neuropsychologists have now ...

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...

Block: Great Long-Term Play As AI Boosts Efficiency And Cash App Expands

Block (SQ) stock analysis: aggressive cost cuts and AI-driven product innovation could boost growth as semis cool. Click here ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Can you go 82-0? Every player who is a cheat code in new, viral NBA game

That's the best regular-season record, but just like the 73-9 Warriors, the job isn't done with that record in the viral 82-0 ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
diginomica

Determinism all the way down – how UiPath's market bet and the engine beneath it turn out to be the same idea

UiPath cofounder and CEO Daniel Dines goes deep on the machinery under the platform – the Temporal engine that lets an ...
Martin Cid Magazine

Malicious code hid inside Red Hat’s npm packages and spread to steal cloud keys

Security researchers found malicious code buried inside more than 30 of Red Hat's official software packages, built to ...
Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.