The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
MSN on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...

TestSprite launches an open-source command-line tool to help AI agents check their own work

Autonomous artificial intelligence-powered software testing tool TestSprite Inc. today announced that the company has ...
GovInfoSecurity

Breach Roundup: CISA Says Agencies Should 'Patch Smarter'

This week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court.
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...