InfoWorld

Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Cybersecurity researchers have uncovered a chain of critical remote code execution (RCE) vulnerabilities in major AI ...
SecurityWeek

Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

A threat actor has published tens of thousands of malicious NPM packages that contain a self-replicating worm, security ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...