AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Engadget

YouTube TV launches curated subscription packages this week

YouTube is launching YouTube TV Plans this week, after revealing the program back in December. These are genre-specific subscription packages that let users opt into ...
Variety

YouTube TV Reveals Pricing, Channels for Lower-Cost Packages Launching This Week

Starting this week, YouTube TV will start selling stripped-down bundles — packaged into genres including sports, news and entertainment — that cost less than its core $82.99/month plan. It’s not quite ...
CNET

YouTube TV Launches a Raft of New Streaming Packages From $55 a Month

Kourtnee covers TV streaming services and home entertainment. She previously worked as an entertainment reporter at Showbiz Cheat Sheet, where she wrote about film, television, music, celebrities and ...
InfoWorld

Beyond NPM: What you need to know about JSR

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...
The Hill

Senate passes massive government funding package, sending it to House

The Senate voted overwhelmingly Friday to pass a major funding package consisting of five regular appropriations bills and a two-week stopgap measure for the Department of Homeland Security (DHS) but ...
CBSSports.com

Ranking Giannis Antetokounmpo trade packages: Who can make best deadline offer?

Giannis Antetokounmpo wants the Milwaukee Bucks to trade him even if he won't make an official request. All reporting indicates it's a near certainty to happen in the next five-plus months. The ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ Javascript developers should ...
ZDNet

I've tried nearly every Linux package manager - these remain my favorite

Linux has numerous package managers. There are command-line and GUI tools for the task. Not all package managers are created equal. When I first started using Linux, the package manager was called ...