Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...
The New York Times

Democrats Reach Spending Deal With Trump, Seeking to Rein In ICE

Democrats and the White House agreed to fund the Department of Homeland Security for two weeks while they negotiate restrictions on an immigration crackdown. Senators said they hoped to vote on the ...
The Hill

GOP senators open to splitting off DHS funding to pass other key spending bills

A group of Republican senators is open to splitting the Homeland Security appropriations measure off from a six-bill government funding package that needs to pass by Friday to avoid a partial ...
thecyberexpress

Malicious Open Source Software Packages Neared 500,000 in 2025

Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
CBS News

Sen. Angus King says he won't vote for package with ICE funding, but "we don't have to have a shutdown"

Washington — Independent Sen. Angus King of Maine said Sunday that he won't vote for a package to fund the government if it includes funding for ICE, as lawmakers scramble to pass a slate of funding ...
The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, ...
IGN

"The internet usually tells us our trades suck."

GameStop has said it has shut down a loophole that let its customers rack up store credit by continually trading in then rebuying a Nintendo Switch 2 console. In a statement posted to social media, ...
dlnews

A16z Crypto wants DeFi to ditch ‘code is law’ for ‘spec is law’ to combat $649m exploit problem

DeFi protocols must adopt a more principled approach to security to mature. They could use standardised specifications that constrain what a protocol is allowed to do. Many protocols are already ...
Bleeping Computer

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks

A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. According to security researcher Zach Hanley at penetration testing ...