Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.
Morning Overview on MSN

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin ...
Microsoft

Inventive ways people are using AI

People everywhere are using AI to get creative, spend more time with loved ones and ditch mundane tasks — all things they wouldn’t have even imagined a year ago, before generative AI became widely ...