The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Bleeping Computer

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for ...
The Next Web

OpenAI says no user data was touched in the TanStack npm worm

Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but ...
VentureBeat

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
Bleeping Computer

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
InfoWorld

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The ...
Infosecurity-magazine.com

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...
CNN

These are 2 best mesh Wi-Fi routers for stable, easy-to-use home internet

The fight for the throne went to the fastest data-slinger in my apartment. The Asus ZenWiFi BT6 landed the highest download speed scores on the Internet Health Test, averaging out at 652.7 Mbps.
Popular Mechanics

Despite the Government’s Ban, Netgear Just Got an Exemption to Keep Selling New WiFi Routers in the U.S.

Well, that came sooner than I’d expected. Hot on the heels of the news that the U.S. government had banned all foreign-made routers that weren’t already on sale or approved by the FCC, word came on ...
Fox Business

FBI offers urgent guidance on securing home routers after disrupting Russian intelligence hacking network

Foreign hackers are looking to exploit vulnerabilities in Americans' internet routers, and the FBI is offering tips for securing your home or office routers after it announced actions it took to crack ...