Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
OPB

Support OPB

Want to join a community of passionate, engaged supporters who make significant investments to support OPB’s work? Join an OPB Giving Circle. Leave a Legacy Help OPB thrive as an essential public ...
ProPublica

ProPublica — Investigative Journalism and News in the Public Interest

Leonardo Garcia Venegas, a U.S. citizen whose prior detentions went viral and were detailed by ProPublica, was recently detained for a third time — and shackled. “I just want to live in peace,” he ...
FactCheck.org

Ask FactCheck

Have a question for FactCheck? Ask us. Please also see our Ask SciCheck archives for questions answered by our SciCheck team. If you have a question about a social media post, we may have already ...
NPR

News

NPR news, audio, and podcasts. Coverage of breaking stories, national and world news, politics, business, science, technology, and extended coverage of major national and world events.