What's new? GitHub launched the MCP registry to list MCP servers for Copilot, AI agents and tools; it supports one click ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...

CrowdStrike, a cybersecurity company, is grappling with a self-replicating worm named Shai-Hulud that has compromised numerous code packages.

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...

In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Agent Payment Protocol, a new open source standard from Google and 60 other payment players, aims to make transactions made ...

What's new? Google launches agent payments protocol (AP2) on GitHub for cross-platform payments; AP2 uses cryptographic ...

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

Google announced on September 16, 2025, the launch of its Agent Payments Protocol (AP2), an open framework designed to ...

AP2 provides a universal, secure protocol for a variety of payments, including cryptocurrencies and stablecoins. In ...