Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
CoinDesk

Microsoft found malware that hijacks crypto wallets and spreads through USB sticks

The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows ...
SecurityWeek

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Kalshi promo code ALCOM15: Cristiano Ronaldo World Cup markets

This is his shot at the World Cup, so it makes sense that there are plenty of World Cup markets to trade on. Deposit & trade ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
autoevolution

Hot Head Got 1968 Camaro SS 396 Four-Speed in 1976, Put It in Garage in 1982, Never Touched It Since

The seller, Rick, had owned the black-painted pony car for half a century, having purchased it back in 1976. As a college ...
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...

OpenAI acquires AI agent orchestration startup Ona

OpenAI Group PBC today announced plans to acquire Ona, a startup with a platform for managing long-running artificial ...