The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Malicious npm package targeting OpenAI Codex users steals authentication tokens

The tool gathered over 29,000 downloads before the malicious npm package was identified ...
Arizona Daily Sun

Vitalant holding blood drives in Flagstaff, northern Arizona this June

Vitalant has announced its June blood drive locations for northern Arizona, with options in Flagstaff, Williams and Grand ...
The Caledonian-Record

WATCH: Experts say increased spending doesn't mean better students

Spending more taxpayer dollars doesn't make kids smarter, according to experts. As K-12 test scores and student proficiency ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Moneylife

CBSE's Digital Exam Portal Had a Master Password That Could Unlock Any Examiner's Account — and the Board Knew for 3 Months before Going Public

A 19-year-old cybersecurity enthusiast has raised serious questions about the safety of the Central Board of Secondary ...
Tech Times

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the ...
TechRepublic

Hackers Used New Exploit Kit to Compromise Thousands of iPhones

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime. An iOS exploit framework has revealed ...
Indiatimes

Techie fired for using AI to write code that broke production

A software developer lost their job after using AI to write code that caused a big problem at work. The developer posted about the incident on Reddit, and it has led to a lot of talk in the tech ...
KTVZ

Nuclear codes, voicemail hacks and businesses going bust. These are some of the biggest password blunders

(CNN) — A 2014 security report resurfaced this week showing that the password for the server managing the CCTV network at the Louvre – Paris’ art museum which suffered immense financial loss after a ...