Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Finding hijacked subdomains is straightforward. People need only enter site: [university].edu “xxx” or site: [university].edu ...

Fact Check: Don't fall for rumor Trump requested prayers for Allah to open 'Strait of Hormel'

Social media users shared an alleged presidential X post image in April 2026, weeks after he truly ended a social post with ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.