The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Dark Reading

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

A variant of the infamous Shai-Hulud worm wreaked havoc on Microsoft's code repositories, triggering disruptions to CI/CD workflows and heightening concerns about increasing software supply chain ...
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
Wall Street Journal

IBM, Red Hat Pledge $5 Billion for AI-Driven Open Source Security Initiative

International Business Machines and Red Hat have committed $5 billion to establish a new model for open-source software, aiming to secure software supply chains for enterprises. Under the new project, ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Morningstar

ADEX Publishes Analysis of XCSSET Malware: Research Details How Active Infection Spreads Silently Through Xcode Projects, GitHub Repositories, and Developer Credentials

LIMASSOL, Cyprus, May 19, 2026 /PRNewswire/ -- The ADEX security team has released a detailed technical case study documenting a live XCSSET infection detected, captured, and analyzed within a client ...
WTHR

Army veteran in Indianapolis gets home repairs through company's 'roof deployment project'

INDIANAPOLIS — On Tuesday, an Army veteran got a new roof for his Indianapolis home, thanks to the Owens Corning Roof Deployment Project and Purple Heart Homes. The project is a nationwide effort to ...
Microsoft

Accenture is rolling out Copilot to a workforce the size of Denver. Here’s how they’re doing it.

Deploying Microsoft 365 Copilot to 20,000 employees might sound like a big undertaking, but Accenture was just getting started. The global professional services firm is rolling out Copilot across its ...
Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...
CSOonline

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may be behind a spate of recent supply chain attacks. Researchers warn of a new ...
SiliconANGLE

Anthropic launches Claude Design to speed up graphic design projects

The latest addition to Anthropic PBC’s product portfolio is Claude Design, a tool that enables users to generate visual assets with prompts. The company launched the offering into public preview today ...