Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
PCMag

Your Old Kindle Just Lost Amazon Support. Here's How to Keep Reading Anyway

Amazon may have cut off support for your older Kindle, but don't worry. If you're not ready to upgrade, I'll show you how to ...

My new favorite Windows app made my PC safer and more reliable - and it's free

Downloading executable installer files from random websites is the best way to put malware on your Windows PC. Stop doing ...
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
GitHub

Grunt: The JavaScript Task Runner

We support the latest version with security and bug fixes. The previous versions are all end-of-life and will not receive any security or bug fixes. Our OpenJS Ecosystem Sustainability Program partner ...
GitHub

LittleJS - The Tiny Fast JavaScript Game Engine

LittleJS is a fast, lightweight, and fully open source HTML5 game engine designed for simplicity and performance. Its small footprint is packed with a comprehensive feature set including rendering, ...