The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Hackaday

The Winners Of The 2025 Obfuscated C Code Contest

One of the most exciting challenges available to any software developer is that of writing brilliantly working code that’s so obtuse, so indecipherable, and opaque, that even its own author ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

Add Decrypt as your preferred source to see more of our stories on Google. Shai-Hulud malware has been linked to roughly 300 npm and PyPI package entries. OpenAI, Microsoft, and Mistral AI disclosed ...
theregister

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package. The newly compromised packages ...
cybernews

Best VPNs for the dark web in 2026

Our in-house cybersecurity experts and journalists, renowned for major reports like The Mother of All Breaches, conduct transparent, unbiased VPN testing and in-depth analysis. With 750+ articles ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. On March 31, 2026, Anthropic mistakenly included a ...
GitHub

GitHub - federicodotta/Brida: The new bridge between Burp Suite and Frida!

Long answer is that Brida is a collection of tools, some of them created to speed-up everyday mobile assessments and to help new Frida users, while others aimed at addressing very complex situations, ...
SiliconANGLE

Reflectiz raises $22M to protect enterprise websites from third-party and open-source risks

Web exposure management platform startup Reflectiz Ltd. revealed today that it has raised $22 million in new funding to expand its current product offering. The company plans to use the money to ...
heise online

Major attack on node.js

A major attack on the supply chain for software packages for the widely used JavaScript runtime environment node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...
heise online

Popular JavaScript package is: Malware through supply chain attack

Maintainer Jordan Harband writes on Bluesky that attackers had taken over the account of another project manager. Versions 3.3.1 and 5.0.0 of the package are affected. Both versions were apparently ...