Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Ukraine targets St. Petersburg again after Putin rejects Zelenskyy's offer for direct talks

Ukrainian drones struck St. Petersburg, Russia's second-largest city, prompting residents to stay indoors. This attack ...

Prem final day: Bath secure home semi-final, Exeter set for play-offs

Follow live text and listen to radio commentary from the final day of the Prem season including Bath v Leicester and Exeter v ...

Israel and Lebanon agree to implement ceasefire if Hezbollah stops attacks

The countries reject "any attempt, by any state or non-state actor, to hold Lebanon's future hostage", the US says.
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

Security News This Week: Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.
The Caledonian-Record

NH Moose Are Under Tick Attack; Could Forestry Changes Help Save Them?

In fall, hoards of winter ticks latch on to New Hampshire’s moose — sometimes upward of 50,000 per adult animal.