SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
OSTechNix

Ubuntu 26.04 LTS Resolute Raccoon Beta is Released: Here’s What’s New

Canonical released the beta version of Ubuntu 26.04 LTS Resolute Raccoon with Linux Kernel 7.0, GNOME 50 and many ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
The Malaysian Reserve

Keeper Security Introduces KeeperDB™, Integrating Zero-Trust Database Access into KeeperPAM®

New capability embeds a secure, zero-trust database interface directly into the Keeper Vault, eliminating exposed credentials, unmanaged tools and ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
ESX Virtualization

DataCore Puls8 vs OpenEBS: Comparison for Kubernetes Persistent Storage

With DataCore Puls8 officially launched on January 26, 2026 (GA release notes dated January 21, 2026), the obvious question ...