Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Santa Clara University

What Is Corporate Social Responsibility (CSR)?

Corporate Social Responsibility (CSR), also known as corporate conscience, refers to a management idea that sees companies integrating social and environmental factors into their operations. CSR ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
Wall Street Journal

End of ‘Pattern Day Trader’ Rule Could Turbocharge Retail Stock Trading

A Securities and Exchange Commission move to axe a decades-old rule aimed at damping risky trades could encourage small investors to get even more active in the U.S. stock market. Retail brokerages ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, ...
The New York Times

How Did Great Replacement Theory Go Global?

In “Chain of Ideas,” Ibram X. Kendi argues that a modern form of xenophobia has come to dominate conservative movements across the world. By Sam Adler-Bell Sam Adler-Bell is a co-host of the podcast ...
The New York Times

Anthropic Sues Pentagon Over ‘Supply Chain Risk’ Label

The artificial intelligence company filed two lawsuits against the Department of Defense, saying it was being punished on ideological grounds. By Sheera Frenkel Reporting from San Francisco Anthropic ...
Supply Chain

Rethinking Supply Chains for Extended Producer Responsibility

Analyst Insight: Extended producer responsibility (EPR) is rapidly changing the expectations placed on businesses. State-by-state regulations are creating a complex mix of requirements, companies are ...
Deadline.com

Kidnap Thriller ‘The Chain’ Lands Straight-To-Series Order At HBO With Damon Lindelof As Showrunner

Damon Lindelof is getting back into showrunning with a new kidnap thriller at HBO. The Warner Bros Discovery-owned cable network has handed The Chain a straight-to-series order. Based on Adrian ...
blockchain

LangChain Unveils Four Multi-Agent Architecture Patterns for AI Development

LangChain releases comprehensive guide to multi-agent AI systems, detailing subagents, skills, handoffs, and router patterns with performance benchmarks. LangChain has published a detailed framework ...