The Hacker News

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
theregister

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within ...
Bleeping Computer

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. The malicious ...
TheServerSide

Tough GH-900 GitHub Foundations Sample Questions and Answers

Community driven content discussing all aspects of software development from DevOps to design patterns. Over the past year, I’ve been helping professionals who’ve found themselves displaced by the AI ...
TheServerSide

How to git push an existing project to GitHub

Community driven content discussing all aspects of software development from DevOps to design patterns. I’m going to show you both ways to do it, and I promise you, using the easy way is going to save ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
ABC News

Tariffs on small-value packages go into effect as loophole ends

Previously, small-value packages under $800 were exempt from tariffs. A shipping loophole exempting small-value packages from tariffs ended at 12:01 a.m. Friday, meaning that packages shipped into the ...
Bleeping Computer

Hackers breach Toptal GitHub account, publish malicious npm packages

Update 8/5/25: Added Toptal's statement at the end of the article, which says their investigation determined noone was impacted by this breach. Hackers compromised Toptal's GitHub organization account ...
CSOonline

GitHub package limit put law firm in security bind

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...
CBS News

Did you receive an unsolicited Temu or Amazon package? It might be a brushing scam.

A Minnesota woman received a box filled with baby reveal balloons from Amazon. A family in Illinois had dozens of boxes from Temu delivered to their doorstep, including military hats and cameras. A ...
New York Post

Received a package from an unknown sender? Experts warn of new ‘brushing’ scam — here’s how to protect yourself this Christmas

Don’t brush off this warning. As a flurry of holiday gifts arrive on people’s doorsteps this season, unsuspecting shoppers could also receive packages addressed to them that they never ordered. With a ...