SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
CoinDesk

Aave overhauls listing standards after $230 million rsETH exploit exposed bridge risks

An official postmortem traced the exploit to a LayerZero bridge verification failure and outlined a sweeping overhaul of Aave ...
InfoQ

DuckDB Quack: Client/Server Protocol over HTTP for Multi-User Analytics

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Bleeping Computer

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
CNET

Samsung Messages Is Going Away for Good. Here's How to Save Everything First

There's a hard cutoff coming for Samsung Messages, and it's closer than most people realize. The app stops functioning for US users in July 2026, and unlike a lot of software transitions, this one ...