With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
Volunteers are supporting members of the military stationed abroad by assembling care packages to be sent to service members. Many troops stationed abroad may not get mail from back home, and ...
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing ...
The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft package being among the latest targets of worm-like malware that steals ...
Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in ...
A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
Start by thinking about the dilemmas your people will face. by Erin Meyer At the beginning of my career, I worked for the health-care-software specialist HBOC. One day, a woman from human resources ...
On May 11, 2026, a self-propagating supply chain worm dubbed Mini Shai-Hulud (CVE-2026-45321, GHSA-g7cv-rxg3-hmpx) compromised the npm ecosystem. Attributed to TeamPCP (aka DeadCatx3, PCPcat, ...
#268 [AIT-3] Implement Empty Trash on Startup (Deleted Tasks) #AIT-3 #cleanup #feature #linear (2026-01-29) Linear issue: https://linear.app/fxstein/issue/AIT-3 ...
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for ...