Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
Cybernews

Code that works can also be malware: this WhatsApp API is stealing messages

A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...
The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
TestingCatalog

OpenAI launches GPT-5.2-Codex for coding and security tasks

OpenAI launches GPT-5.2-Codex for professional coding, delivering enhanced long-context support and native Windows ...

CEO spills the Tea about massive token farming campaigns

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established ...
SecurityWeek

Unpatched Gogs Zero-Day Exploited for Months

Threat actors have exploited a zero-day vulnerability in the Gogs self-hosted Git service to compromise over 700 internet-exposed instances.
Business Insider

Coder Introduces AI Development Infrastructure for Hybrid Human and Agent Teams

AUSTIN, Texas, Dec. 09, 2025 (GLOBE NEWSWIRE) -- Today, Coder introduced new capabilities that bring AI coding agents into secure, self-hosted workspaces, enabling enterprises to adopt AI safely at ...
Wall Street Journal

OpenAI Declares ‘Code Red’ as Google Threatens AI Lead

What really happens after you hit enter on that AI prompt? WSJ’s Joanna Stern heads inside a data center to trace the journey and then grills up some steaks to show just how much energy it takes to ...
bankinfosecurity

Automated Shai Hulud Infects Thousands of NPM Repositories

The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...
CoinTelegraph

NPM supply-chain attack compromises major ENS and crypto libraries

A researcher warned that more than 400 NPM libraries, including at least 10 crypto packages mostly tied to ENS, were compromised by Shai Hulud malware. A major JavaScript supply-chain attack has ...
PC Gamer

Valve coder confirms the Steam Machine will be priced like a PC, albeit at a 'good deal': 'If you build a PC from parts and get to basically the same level of performance, that ...

VR Hardware Valve announces the Steam Frame: 'a new way to play your entire Steam library' Hardware Steam Machine will start shipping to Australia on the same day as the rest of the world, marking a ...
Microsoft

‘Vibe coding’ and other ways AI is changing who can build apps and how

Doher Drizzle Pablo was drowning in travel receipts. After her company transferred her to Sweden from the Philippines last year, she’d started visiting clients in at least two countries a month, and ...