New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
The Hacker News

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...
techzine

Bun takes a surprising step from Zig to Rust

The developers of the JavaScript runtime Bun have decided to largely rewrite the platform in Rust. In doing so, the project is moving away from Zig, the programming language that made Bun famous in ...
theregister

Anthropic’s Bun Rust rewrite merged at speed of AI

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been merged to the main Bun repository. This comes just days after its author, ...
Wall Street Journal

I Started a Business at 67. It Has Been Much Better Than Retiring.

My late father-in-law loved orchids, and in his decadeslong passion he built and maintained two large greenhouses. At an age when most people were retired—or worse—he was still breeding new hybrids, ...
Hosted on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...