The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Caledonian-Record

BYDFi Joins Solana Accelerate APAC at Consensus Hong Kong, Expanding Solana Ecosystem Engagement

Global crypto trading platform BYDFi participated as a sponsor of Solana Accelerate APAC at Consensus Hong Kong 2026, held ...
TMCnet

Arcjet Launches v1.0 of its JavaScript SDK, Establishing Stability as a Core Developer Feature

"Shipping v1.0 is a clear signal to developers that Arcjet's API is stable and fully tested with real production workloads," said David Mytton, CEO at Arcjet. "Security should not introduce more work.
The Caledonian-Record

Wild beavers return to the UK for first time in 400 years

Once widespread across Britain, beavers were hunted to extinction 400 years ago. Today, they are increasingly recognized as one of nature’s most important keystone species - animals whose presence ...
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
Bleeping Computer

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. Collectively called PackageGate, ...