SecurityWeek

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
XDA Developers on MSN

I solved Gemma 4's biggest problem by routing it through Claude, and all it took was a Python script

Complex problems can have Python solutions ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
News 13

SpaceX launches Intuitive Machines’ lunar lander to the moon

KENNEDY SPACE CENTER — Like a giant Roman candle, SpaceX’s Falcon 9 rocket soared into the night sky on Wednesday, carrying Intuitive Machines’ IM-2 lunar lander. Its destination is the moon, where ...