The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Cloudflare acquires VoidZero, maker of the Vite JavaScript toolchain

Cloudflare Inc. today said it has acquired VoidZero Inc., the open-source company behind Vite and the widely used JavaScript ...

Big Bend steel fabricator's longtime shop site sells for $1.3M

The 3-acre property at Big Bend Industrial Park has housed the company since at least 2001. Thursday, July 16, 2026 Women of ...

Security News This Week: Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite ...

New Kinaxis CEO bets Ottawa supply chain software company will be a SaaS-pocalypse winner

Some cloud software companies are weathering the so-called “SaaS-pocalypse” better than others. Kinaxis Inc. KXS-T chief ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
LGBTQ NationOpinion

The attacks on James Talarico’s masculinity hurt everyone, including the people who lob them

Societal heterosexism and cissexism prevent some LGBTQ people from developing authentic self-identities and add to the ...
Microsoft

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red ...
Foreign Affairs

Why a Cease-Fire Is Now a Real Possibility

The war in Ukraine has reached a turning point. Since the failure of Ukraine’s 2023 counteroffensive, Russia’s full-scale invasion settled into a predictable rhythm of summer and winter offensives, ...
Opinion
Foreign AffairsOpinion

The Day After in Cuba

A few weeks later, the president told a business forum that after Iran, Cuba “is next.” Already, the United States has imposed a near-total oil blockade of the country, plunging much of it into ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.