CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

All You Need To Know About Cloudflare’s Agent Readiness Score

The Cloudflare Agent Readiness Score is a real shift. The composite number is also the wrong thing to optimize for. Here's ...
GitHub

External JavaScript for yt-dlp supporting many runtimes

The project provides lockfiles for every supported package manager. If you only have Python and a JS runtime, then you may instead run ./hatch_build.py. This will transparently invoke one of the ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

In Her Own Words: Channon Kennedy had the tools to develop her tool company

Channon Kennedy, founder and CEO of The Morgan Square tool company, spent more than 26 years in commercial banking before a ...
The Register-Herald

Matthew Perry's family trusted his assistant to help keep him sober. He instead helped him overdose

Matthew Perry's assistant is set to become the last defendant sentenced in the investigation of the drug death of the ...