The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Telegraph HeraldOpinion

Farm & Food File: Screwworms eat flesh, screw-ups cost money

Poor Joe Biden. Out of office for 17 months and he’s still the reason for every Trump administration failure, large or small.
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Louisville bath products company files for bankruptcy

Louisville-based Better Bath Better Body LLC filed for Chapter 11 bankruptcy protection as revenue declined and liabilities ...
CSO Online

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in protobuf.js, including a flaw that can turn attacker-controlled schema data ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
InfoQ

NodeJS Proposes Built-In Virtual File System, Sparking Debate over AI-Generated Contributions

Matteo Collina has proposed a Virtual File System (VFS) for Node.js core through the node:vfs module. The proposal includes about 19,000 lines of code and addresses common workflow challenges. While ...
Telegraph HeraldOpinion

Farm & Food File: Big Bacon's Farm Bill carve-out needs to be carved out

Farm Bills often are loaded with special interest lard that favors, say, crop insurance companies, international grain ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
Tom's Hardware on MSN

Hades malware campaign now tricks AI bots by injecting text about biological and nuclear weapons

This is probably the dictionary illustration for "deceptively simple." ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...