The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Upstream

Shell declares force majeure on Qatari LNG volumes

Shell has declared force majeure on the liquefied natural gas cargoes it buys from QatarEnergy as supplies from the Middle East nation have all but ground to a halt amid the US-Israeli war on Iran ...
healthcareinfosecurity.com

Surf Raises $57M to Automate Security Hygiene With AI Agents

An agentic operations startup led by an ex-Proofpoint executive emerged from stealth with $57 million to help large enterprises automate security operations with artificial intelligence agents. See ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
IEEE

Automating Source Code Plagiarism Detection in a Moodle-Based Programming Course

Abstract: Plagiarism in programming courses in college is an issue. Automatic plagiarism detection tools using source code similarities are important to combat this issue. For example, Moss and JPlag ...
The Hacker News

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of ...