New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

How A Roblox Cheat Download Triggered A $2 Million Hack At Vercel

How A Roblox Cheat Triggered A $2 Million Breach At Vercel. Why The Vercel Incident Changes The Economics Of Enterprise AI ...

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
CNET

What Is Lyria 3? Everything to Know About Google's AI Music Generator

Google's latest AI music model can create longer, higher-quality songs with better structure. But is the music any good, and ...

I built an AI tool to mimic my work. It's helped create passive income from my solo business.

A career coach used AI to vibe code an app based on her framework. It generates passive income and serves as a marketing ...

OpenAI releases Codex ‘Chronicle’ feature for enhancing context, here’s how it works

Last week, OpenAI released an all-new version of Codex for Mac that includes the best example of AI-driven computer ...

The secret to faster AI output is better prompts

With access to 10,000+ premium prompts and a system built for remixing and iteration, you can turn one successful prompt into ...

I went to an AI conference and got a crash course in middle management

At a top conference for software engineers, one thing was clear: the job has changed dramatically, and everyone will be ...
Microsoft

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...

Loop raises $95M to build supply chain AI that predicts disruptions

The San Francisco startup closed a Series C funding round led by Antonio Gracias' firm Valor, which is a major backer of xAI.