Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
MyBroadband

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan masquerading as Anthropic’s popular Claude Code AI software development assistant. Anthropic describes Claude Code is an agentic coding ...
NETGEAR

Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet

In collaboration with Google and the Shadowserver Foundation, CrowdStrike Counter Adversary Operations team struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing ...