On July 11, 2026, version 8.14.0 of the `jscrambler` npm package was [pushed to the registry with a malicious `preinstall` hook](https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-relea
Supply chain attackers have hijacked at least two npm packages and a cluster of Go modules, repurposing them to silently deploy a Python-based information stealer on developer machines running Windows
Cybersecurity researchers have confirmed a new wave of the Miasma supply chain campaign — linked to the same threat actor behind the Mini Shai-Hulud and Hades malware families — that has [compromised
A large-scale malware campaign called **WeedHack** has compromised more than 116,000 systems running Minecraft since January 2026, according to [BleepingComputer](https://www.bleepingcomputer.com/news
Dutch authorities have [taken offline a massive botnet comprising 17 million infected devices](https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infecte
A third-party website used in the UK visa application process has been leaking applicants' passport scans and facial selfies to unauthenticated users — and as of this writing, [the leak remains unpatc