cryptopolitan

Mini Shai-Hulud worm hijacks 323 npm packages under 30 minutes through a single stolen account

The Mini Shai-Hulud worm compromised 323 npm packages through the hijacked “atool” account on May 19, publishing 639 malicious versions. Affected packages include echarts-for-react (1.1M weekly ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
WeLiveSecurity

Webworm: New burrowing techniques

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus to Europe. Even though this is ...

Gemini 3.5 Flash might be fast enough for gen AI to make sense

We’ve gone through the 3.0 and 3.1 families since then, and now it’s on to version 3.5. Gemini 3.5 Flash is rolling out ...

Anthropic Just Bought a Developer Tool Used by OpenAI, Google

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model ...