The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
BeInCrypto

Ocean Network Wants to Turn Idle GPUs Into a Global Pay-Per-Use Compute Market

Ocean Network links idle GPUs with AI workloads through a decentralized compute market and editor-based orchestration tools.
SecurityWeek

RSAC 2026 Conference Announcements Summary (Pre-Event)

RSAC Conference 2026 summary . As hundreds of vendors descend on San Francisco for the RSAC 2026 Conference, the sheer volume ...
The Robot Report

Opentrons introduces dynamic simulation, visualization for AI-generated lab workflows

New Opentrons AI capability lets scientists simulate and visually inspect automated laboratory experiments before robots ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
How-To Geek on MSN

Look out for malware when downloading models to 3D print

Something else to worry about.

OpenAI Astral Acquisition Brings Codex Closer to Python Developer Workflows

OpenAI to acquire Astral, bringing Python tools like uv, Ruff, and ty into Codex as it moves from code generation to ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
eWeek

Nvidia Expands AI Agent Ecosystem With New Toolkit for Adobe, SAP, Salesforce

Nvidia unveiled its open-source Agent Toolkit at GTC 2026, adding OpenShell, AI-Q, and major partners including Adobe, SAP, ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...