Attackers compromised the npm ‘atool’ account and, within 22 minutes, published 637 malicious versions across 317 packages, including high-traffic projects such as size-sensor and echarts-for-react. The payload harvests credentials, establishes persistent backdoors, and abuses GitHub infrastructure as its command-and-control channel.
Author: 2yeuo
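One check worth running after an incident like this is to look for the publishing pattern itself: hundreds of versions pushed from one account in minutes leaves a trace in the registry's per-version publish timestamps. The script below is an added example written for this digest entry, not code from the original page or from any of the packages it names. It reads the `time` map of an npm registry package document (what `GET https://registry.npmjs.org/<name>` returns, mapping each version to its publish time), flags versions that fall inside a burst, and then checks the pinned versions in a lockfileVersion 3 `package-lock.json` against those bursts. The registry document, lockfile, package names and timestamps are constructed for the example, and the 30-minute window and threshold of three publishes are assumptions to tune, not values from the incident.

```python
"""Flag npm versions published in a burst and check a lockfile against them.

Added example, not code from the original page. Registry document and lockfile
below are constructed; the burst window/threshold are assumptions to tune.
"""
from datetime import datetime, timedelta, timezone

# Constructed registry document: same shape as the real registry's `time` field.
SAMPLE_REGISTRY_DOC = {
    "name": "example-pkg",  # hypothetical package name
    "dist-tags": {"latest": "2.4.1"},
    "time": {
        "created": "2021-03-01T10:00:00.000Z",
        "modified": "2024-06-01T09:21:00.000Z",
        "1.0.0": "2021-03-01T10:00:00.000Z",
        "1.1.0": "2021-09-12T14:30:00.000Z",
        "2.0.0": "2023-01-20T08:15:00.000Z",
        # three versions pushed within two minutes: the pattern to flag
        "2.4.0": "2024-06-01T09:19:00.000Z",
        "2.4.1": "2024-06-01T09:20:00.000Z",
        "2.5.0": "2024-06-01T09:21:00.000Z",
    },
}

# Constructed package-lock.json (lockfileVersion 3) pinning one burst version.
SAMPLE_LOCKFILE = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"example-pkg": "^2.4.0"}},
        "node_modules/example-pkg": {"version": "2.4.1"},
        "node_modules/@scope/other-pkg": {"version": "1.0.0"},
    },
}


def _parse_stamp(stamp):
    # Registry timestamps are ISO 8601 with a trailing Z; fromisoformat wants an offset.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)


def publish_events(doc):
    """Return [(version, publish_time)] sorted by time; 'created'/'modified' are not versions."""
    events = [(v, _parse_stamp(t)) for v, t in doc.get("time", {}).items()
              if v not in ("created", "modified")]
    events.sort(key=lambda e: e[1])
    return events


def find_burst_versions(doc, window=timedelta(minutes=30), threshold=3):
    """Versions inside any window of length `window` holding >= `threshold` publishes.

    Sliding window over the time-sorted events (j only moves forward, so O(n));
    every version inside a qualifying window is flagged, returned in time order.
    """
    events = publish_events(doc)
    flagged = set()
    j = 0
    for i, (_, start) in enumerate(events):
        if j < i:
            j = i
        while j < len(events) and events[j][1] - start <= window:
            j += 1
        if j - i >= threshold:
            flagged.update(v for v, _ in events[i:j])
    return [v for v, _ in events if v in flagged]


def installed_versions(lock):
    """Map package name -> installed version from a v3 lockfile's `packages` entries."""
    found = {}
    for path, entry in lock.get("packages", {}).items():
        if not path:  # "" is the root project, not a dependency
            continue
        # For nested node_modules paths the name is everything after the last
        # "node_modules/", which keeps the scope for "@scope/name".
        name = path.rsplit("node_modules/", 1)[-1]
        found[name] = entry.get("version")
    return found


def audit_lockfile(lock, registry_docs, **burst_kwargs):
    """Return (name, version) pairs whose pinned version was published inside a burst."""
    hits = []
    for name, version in installed_versions(lock).items():
        doc = registry_docs.get(name)
        if doc is None:
            continue  # no registry metadata fetched for this package
        if version in find_burst_versions(doc, **burst_kwargs):
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    print("burst versions:", find_burst_versions(SAMPLE_REGISTRY_DOC))
    print("suspicious pins:", audit_lockfile(SAMPLE_LOCKFILE, {"example-pkg": SAMPLE_REGISTRY_DOC}))
```

Treat a hit as a triage signal, not proof of compromise: monorepo release tooling legitimately publishes many packages and versions within minutes, so the next step is to diff the flagged tarball against the previous version (install scripts, new network calls, new dependencies) rather than to block on the timestamp alone.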
Japanese media giants Asahi and Nikkei are suing AI search engine Perplexity for $44 million over unauthorized content scraping. This lawsuit could fundamentally challenge how AI companies monetize others’ intellectual property.
Linus Torvalds says AI-generated bug reports are flooding Linux security lists with duplicates and low-quality submissions. The automation meant to improve security is actually making security work harder by creating massive amounts of unvalidated noise.
Another npm supply chain attack leaves JavaScript developers mystified by this completely unpredictable monthly occurrence. Other ecosystems with actual security measures report zero incidents, as usual.