The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

What Is ActiveX? How It Works and Ensures Computer Security

ActiveX is a Microsoft software framework that enables applications to share data across web browsers, enhancing functionality and security in computing.
The Hacker News

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts ...
GitHub

JavaScript heap out of memory on install

Downloading @openai/codex@0.53.0: 119.34 MB/119.34 MB, done Progress: resolved 1, reused 0, downloaded 0, added 0 <--- Last few GCs ---> [347:0xfffd4c010000] 11234 ms: Scavenge 397.2 (526.6) -> 397.2 ...
HotHardware

Forget Tiny11, This Nano11 Script Shrinks Windows 11 Install To Just 2.28 GB

Windows 11 customization utilities are a dime a dozen these days, and more enthusiasts are customizing their installs every day, in a bid to remove unnecessary cruft and save on disk space. NTDEV's ...