SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
Security Boulevard

The Latest Shai-Hulud Malware is Faster and More Dangerous

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised ...

Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents

Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, ...
Cybernews

Shai-Hulud supply chain attacks back with a vengeance, impacting 28k GitHub repositories

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...
InfoQ

Introducing Evalite: The TypeScript Testing Tool for AI Powered Apps

Evalite is a TypeScript-native eval runner designed for AI applications, enabling developers to create reproducible evals ...

Salt Security launches ‘Ask Pepper AI’ to simplify API risk analysis

Application programming interface security company Salt Security Inc. today announced the launch of “Ask Pepper AI,” a new generative artificial intelligence-powered natural language interface for its ...

See Sketches Become Apps as Gemini 3 Pro and Vibe Workflows Cut Dev Time in AI Studio

Build faster while keeping control. Tune Parser turns dense JSON into readable code, and you add Maps and AI voices in Google ...
CSO Online

Contagious Interview attackers go ‘full stack’ to fool developers

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.