The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Historic Poggenpohl building and smokestack at foot of Ben Franklin Bridge up for sale

An Old City business owner is looking to sell a building known for its 200-foot smokestack that rises above the Benjamin ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Dallas company secures FDA approval for pediatric cancer drug trial

A subsidiary of the Dallas-based biotech Lantern Pharma received federal approval to move ahead with its planned trial for a ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...