Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
Live Bitcoin News

npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed

Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers' GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

New York Times files second lawsuit over Pentagon press policy

The lawsuit argued that the Pentagon's new policy, which requires journalists to be escorted through the building, is "patently unconstitutional." ...
Biometric Update

1Password, Keycard present tools for secure AI agent credential delegation

Most teams are still securing access with static credentials built for human operators, not for autonomous agents. This ...

After bitter primary loss, what's next for Massie and KY allies?

U.S. Rep. Thomas Massie's time in Congress will end once we reach 2027. But his allies expect him to remain an influential ...
Indianapolis Business Journal

5 of 7 IPS school board seats to be on November ballot after Impink announces resignation

Allissa Impink plans to resign from the IPS board on June 15 after winning the Democratic primary election for state Senate ...
CPO Magazine

Security Flaw in Claude AI Chrome Extension Enables Attackers to Execute Privileged Commands and Steal Data

A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.