Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...

'Wildly insufficient': Judge sets higher bond for local child porn suspect

CINCINNATI (WKRC) - A Hamilton County judge on Tuesday increased the bond for a Colerain Township man accused of child ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
Infosecurity Magazine

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes ...