SecurityWeek

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
Security Boulevard

What Is Hybrid Cryptography? [The Practical Path to PQC]

Every time you log into your bank, send an email, or connect to a VPN, encryption quietly does the heavy lifting. The internet feels simple. The security underneath it? Anything but simplicity. That’s ...
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
XDA Developers on MSN

OpenClaw promised a self-hosted AI assistant I could actually leave running, but Hermes Agent is the one that delivers it

Hermes Agent gets a lot right, and it's something I'd trust a lot more than OpenClaw.
CoinTelegraph

Bitcoin developer launches privacy-focused Nostr VPN using public keys

One of the earliest Bitcoin developers launched a new privacy-focused version of Nostr VPN that replaces centralized identity providers with cryptographic keys. Martti Malmi, an early Bitcoin ...

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...