CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
The Hacker News

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Active WSUS exploits, LockBit 5.0’s comeback, a Telegram backdoor, and F5’s hidden breach — this week’s biggest cyber threats ...