The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Smithsonian Magazine

Could Python Blood Lead to the Next Generation of Weight-Loss Drugs?

Researchers discovered an appetite-suppressing molecule in python blood. If one day turned into a medication, it might lack ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

University of Colorado study finds python blood could lead to weight loss drug with fewer side effects

A compound found in python blood could lead to a new kind of weight loss drug, one that suppresses appetite without some of ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
BBC

Officer reportedly leaks location of French aircraft carrier with Strava run

A French officer has reportedly revealed the location of an aircraft carrier deployed towards the Middle East after publicly registering a run on sports app Strava. French news outlet Le Monde first ...
Wall Street Journal

U.S. Races to Accomplish Iran Mission Before Munitions Run Out

President Trump said there would likely be more American casualties as the U.S. military continues strikes against Iran. Photo: The White House When the U.S. military’s top general laid out the risks ...
CNBC

Goldman Sachs taps Anthropic’s Claude to automate accounting, compliance roles

Embedded Anthropic engineers have spent six months at Goldman building autonomous systems for time-intensive, high-volume back-office work. The bank expects efficiency gains rather than near-term job ...