The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Page 2: OpenTelemetry for MemoryCache

The fourth preview brings new methods to existing classes in the .NET base class library and a new configuration file for ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

毎週数百万回ダウンロードされる人気JavaScriptライブラリ群「TanStack ...

JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026 ...

Malicious npm packages: SAP software compromised

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security researchers.

Income tax return AY 26-27: Excel utility, online filing for ITR-1, and ITR-4 forms now ...

The Income Tax Department has launched Excel utilities and online filing for ITR-1 and ITR-4 for the Assessment Year 2026-27.