NOAA forecasts below-normal hurricane season but warns against complacency in preparations

Federal forecasters are predicting fewer storms than usual this hurricane season, but they're pointing to two devastating ...

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.

PharMerica to close Kaneohe facility after losing contract

The 10 employees at the Kaneohe location will be transferred to the new contract holder. PharMerica operates five facilities ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Wix vs. Squarespace: I compared two of the top website builders, and this one wins

Wix vs. Squarespace: I compared two of the top website builders, and this one wins ...

OpenAI says no user data stolen after supply-chain hackers accessed employee devices

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.