Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

Xi and Putin wrap up talks in Beijing with no final details on gas pipeline

Moscow says an "understanding" has been reached on the project. China and Russia have long discussed a pipeline, but ...
Morning Overview on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...
Opinion

Enterprises Need To Be Careful Before They Go All-In On Anthropic

Anthropic builds powerful AI models, but the company's fear tactics, security incidents and service outages should make enterprises wary of relying on it directly.
Yahoo Finance

'Widespread' Crypto Exploit That Created Panic Steals Only $1K From Users

A large-scale hacking exploit targeting JavaScript code with malware that raised alarms earlier this week has managed to steal only $1,043 in cryptocurrency, according to data from Arkham Intelligence ...