InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
Infosecurity Magazine

Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets

Red Hat's official npm namespace has been hijacked to push backdoored package versions built to steal cloud and developer ...
ITWeb on MSN

The Open Group launches the Open Footprint® standard, edition 1.0 to streamline scope 1, 2, and 3 emissions management

The Open Group Launches the Open Footprint® Standard, Edition 1.0 to Streamline Scope 1, 2, and 3 Emissions ManagementBusiness Wire via ITWeb,SAN FRANCISCO, 02 Jun 2026The Open Group, the ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...
GIGAZINE

The popular JavaScript library suite 'TanStack,' which is downloaded millions of times every week, has been hit by a supply chain attack; development environments with the ...

A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...
manilatimes

Treno Scope Announces Completion of Full-Stack Data Integration for BNB Chain Ecosystem, Building the First "Native-Level" Web3 Data Infrastructure of Southeast Asia

New York, May 06, 2026 (GLOBE NEWSWIRE)-- As Southeast Asia emerges as a crucial region for Web3 user growth and the deployment of on-chain applications, market demand for low-latency, verifiable, and ...
The Hill

Iran calls for human chains around power plants ahead of Trump deadline

Iranian officials on Tuesday urged their people to form human chains around power plants as the country faces a deadline set by President Trump to reopen the Strait of Hormuz or risk major strikes on ...
CSOonline

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...