SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Microsoft、「WSL containers」を発表 ~数カ月内にパブリックプレビュー

米Microsoftは6月2日(現地時間)、開発者カンファレンス 「Build 2026」 で、「WSL コンテナー」(WSL containers)を発表した。今後数カ月以内にパブリックプレビューが提供される予定。
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Getting started

This guide will cover the basics of installing the Glow JavaScript library, and a few simple examples of using Glow to get you started. We are assuming you have at least a working knowledge of ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...

LZH書庫ファイルを扱える64bit DLL「UnLha64x」が登場、「UNLHA32.DLL」互換

「UNLHA32.DLL」互換の64bit ...
Impress Watch

マイクロソフト、翻訳“コストゼロ”も可能 EdgeのローカルAI強化

米Microsoftは、Microsoft Edgeに導入するオンデバイス動作の生成AIについて3つのアップデートを発表した。 すでに提供している開発者向けの「Prompt API」と「Writing Assistance API」には、デバイスのサポートが限定的だった「Phi-4-mini」に代わり、より小さく効率的な ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.