Bleeping Computer

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Visual Studio Magazine

TypeScript 5.9 RC Brings Deferred Imports, Node.js 20 Module Target

TypeScript 5.9 has reached the release candidate (RC) stage with enhancements for modern module behavior, hover tooltips, and deferred module evaluation. Microsoft announced the RC on July 25, ahead ...
GitHub

NVIDIA Linux Open GPU Kernel Module Source

Note that the kernel modules built here must be used with GSP firmware and user-space NVIDIA GPU driver components from a corresponding 595.71.05 driver release. This can be achieved by installing the ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. mbt@1.2.48 @cap-js/db-service@2.10.1 @cap ...
Bleeping Computer

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. The threat ...