EconoTimes

OpenAI Finds No Evidence of User Data Breach in TanStack npm Supply-Chain Attack

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

毎週数百万回ダウンロードされる人気JavaScriptライブラリ群「TanStack ...

JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026 ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Online archives of over 20 years of tech reporting | The Register

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...
MSN による配信

North Korea-linked hackers used fake Teams updates to hit Axios npm

The tactical sequence here is worth breaking down because it reveals a deliberate two-stage approach. First, the attackers did not try to brute-force their way into npm infrastruc ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...