The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
XDA Developers on MSN

My homelab monitoring broke silently until I switched from SMS to ntfy in an afternoon

The alerts finally caught up with the homelab.

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build a zero-day exploit, OpenAI launched Daybreak, a new agentic cybersecurity ...