Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
SecurityWeek

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

Microsoft has announced mitigations for CVE-2026-45585, a BitLocker bypass triggered via FsTx in Windows Recovery.

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
app.com

ANY.RUN Releases Malware Trends Report for Q4 2025, Highlighting Key Threat Landscape Shifts

DUBAI, DUBAI, UNITED ARAB EMIRATES, January 7, 2026 /EINPresswire.com/ — ANY.RUN, a leading provider of interactive malware analysis and threat intelligence ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
PC Magazine

The Best Hardware Security Keys for 2026

Protecting your online accounts is crucial, and a hardware security key is one of your most effective defenses. These are the top security keys we've tested for keeping your information private and ...
The New York Times

4 Easy Ways to Make Sure No One Can Read Your Text Messages

We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Max Eddy Max Eddy is a writer who has covered privacy and security — including ...