The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

A Comprehensive Guide to JSON Validation and Cleaning for Robust Applications

This guide delves into the intricacies of JSON validation and cleaning, providing essential insights and practical steps to ensure your data structures are always pristine and compliant.

Page 2: OpenTelemetry for MemoryCache

The fourth preview brings new methods to existing classes in the .NET base class library and a new configuration file for ...

Income tax return AY 26-27: Excel utility, online filing for ITR-1 and ITR-4 now available ...

Income tax return AY 26-27: The Income Tax Department has launched Excel utilities and online filing for ITR-1 and ITR-4 for ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

毎週数百万回ダウンロードされる人気JavaScriptライブラリ群「TanStack ...

JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026 ...

Malicious npm packages: SAP software compromised

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security researchers.