The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

It has been a bad six weeks for security firm Checmarx. Over the past 40 days, it has been the victim of at least one ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
SecurityWeek

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

Pack2TheRoot, a high-severity vulnerability in PackageKit, allows users to install packages on Linux systems with root ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
deseret

House and Senate land on deal to reopen DHS, fund ICE in later spending bill

House and Senate Republicans have come to an agreement to reopen the Department of Homeland Security after weeks of negotiations, with plans to fund immigration enforcement in a later spending bill to ...
Infosecurity-magazine.com

Hackers Hijack Axios npm Package to Spread RATs

Threat actors have targeted an open source maintainer to hijack one of the most popular npm packages and spread remote access Trojans (RATs). Axios is a JavaScript library downloaded over 100 million ...
Milwaukee Journal Sentinel

InventionHome® Inventor Creates QR Code-Based Verification Platform for Improving Delivery Accuracy and Package Security

PITTSBURGH, PA, UNITED STATES, April 1, 2026 /EINPresswire.com/ — Alyssa S. of Chatham, MA is the creator of the Software QR Code to Protect Consumers, a platform ...