The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Dark Reading

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

A variant of the infamous Shai-Hulud worm wreaked havoc on Microsoft's code repositories, triggering disruptions to CI/CD workflows and heightening concerns about increasing software supply chain ...
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
Ars Technica

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
ZDNet

Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

Lightwell is a huge effort to safeguard open-source software. IBM and Red Hat are investing in this massive security initiative. We don't yet know how this subscription-based service will work. AI is ...
Wall Street Journal

IBM, Red Hat Pledge $5 Billion for AI-Driven Open Source Security Initiative

International Business Machines and Red Hat have committed $5 billion to establish a new model for open-source software, aiming to secure software supply chains for enterprises. Under the new project, ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Morningstar

ADEX Publishes Analysis of XCSSET Malware: Research Details How Active Infection Spreads Silently Through Xcode Projects, GitHub Repositories, and Developer Credentials

LIMASSOL, Cyprus, May 19, 2026 /PRNewswire/ -- The ADEX security team has released a detailed technical case study documenting a live XCSSET infection detected, captured, and analyzed within a client ...
WTHR

Army veteran in Indianapolis gets home repairs through company's 'roof deployment project'

INDIANAPOLIS — On Tuesday, an Army veteran got a new roof for his Indianapolis home, thanks to the Owens Corning Roof Deployment Project and Purple Heart Homes. The project is a nationwide effort to ...
TechCrunch

Pentagon inks deals with Nvidia, Microsoft, and AWS to deploy AI on classified networks

After landing agreements with Google, SpaceX, and OpenAI, the U.S. Defense Department said on Friday that it has signed deals with Nvidia, Microsoft, Amazon Web Services, and Reflection AI that allow ...
Microsoft

Accenture is rolling out Copilot to a workforce the size of Denver. Here’s how they’re doing it.

Deploying Microsoft 365 Copilot to 20,000 employees might sound like a big undertaking, but Accenture was just getting started. The global professional services firm is rolling out Copilot across its ...
Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...