The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
BeInCrypto

Ocean Network Wants to Turn Idle GPUs Into a Global Pay-Per-Use Compute Market

Ocean Network links idle GPUs with AI workloads through a decentralized compute market and editor-based orchestration tools.

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
The Robot Report

Opentrons introduces dynamic simulation, visualization for AI-generated lab workflows

New Opentrons AI capability lets scientists simulate and visually inspect automated laboratory experiments before robots ...

OpenAI Astral Acquisition Brings Codex Closer to Python Developer Workflows

OpenAI to acquire Astral, bringing Python tools like uv, Ruff, and ty into Codex as it moves from code generation to ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
How-To Geek on MSN

Look out for malware when downloading models to 3D print

Something else to worry about.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
eWeek

Nvidia Expands AI Agent Ecosystem With New Toolkit for Adobe, SAP, Salesforce

Nvidia unveiled its open-source Agent Toolkit at GTC 2026, adding OpenShell, AI-Q, and major partners including Adobe, SAP, ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
Dark Reading

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as ...