The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
Hypebeast

StockX Releases Statement Regarding Nike Counterfeit Claims

HYPEBEAST recently reported on Nike’s claims against StockX for selling fake shoes on its marketplace. Just earlier this week, Nike amended its court filing to include its own findings when the ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
InfoQ

NodeJS Proposes Built-In Virtual File System, Sparking Debate over AI-Generated Contributions

Matteo Collina has proposed a Virtual File System (VFS) for Node.js core through the node:vfs module. The proposal includes about 19,000 lines of code and addresses common workflow challenges. While ...
CNBC

Bilt Rewards guide: Earn points on rent, mortgages and much more

Bilt Rewards offers a path to earn rewards on rent and mortgage payments with no transaction fee. It also offers three rewards credit cards, which can be exceptionally valuable if you maximize all of ...
OSTechNix

Why Startups Need Smarter Authentication Before They Scale

Here's the stage-by-stage framework for choosing the right authentication stack before scale forces your hand.
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...