The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

Open source registries don't have enough money to implement basic security

Trusted registries are widely treated as a key component of Software Bill of Materials (SBOM) - driven supply chain security ...
VietnamPlus

Indonesia rolls out rice support package for over 35 million households

The rice assistance policy is part of the Indonesian government’s stimulus package aimed at bolstering economic growth in the ...
Roll Call

Senate passes spending package with Homeland Security punt

The Senate on Friday passed a $1.2 trillion spending package to fund a slew of federal agencies through September, alongside a two-week stopgap measure for the Department of Homeland Security to buy ...
The New York Times

House Passes Spending Package Over Democratic Revolt on ICE

Approval of the package, which would fund a wide swath of government agencies, brings Congress closer to meeting a Jan. 30 funding deadline. By Catie Edmondson Reporting from the Capitol The House on ...
Reuters

EU Commission working on package to support Arctic security, von der Leyen says

DAVOS, Jan 20 (Reuters) - European Commission President Ursula von der Leyen said on Tuesday that the bloc's executive arm is working on a package to support Arctic security and warned that tariffs ...
Washington Examiner

Homeland Security bill removed from latest funding package

Funding for the Department of Homeland Security will not be included in the next slate of appropriations bills that dropped on Sunday, deviating from the original plan and coming after uproar over an ...
WPLG

Thief dressed as security guard caught stealing packages in Miramar

MIRAMAR, Fla. — Families in an East Miramar neighborhood say they are starting the new year on edge after a man dressed as a security guard was caught on camera stealing packages from homes.
Bleeping Computer

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. A fork of ...
CBS News

Suspicious package triggers security response near Miami federal courthouse; scene later cleared, police say

A suspicious package found Monday morning outside the Wilkie D. Ferguson Jr. U.S. Courthouse in Downtown Miami prompted a swift response from law enforcement, temporarily disrupting access to nearby ...
Infosecurity-magazine.com

Malware Manipulates AI Detection in Latest npm Package Breach

A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, eslint-plugin-unicorn-ts-2 version 1.2.1, appeared to be a TypeScript variant of the ...