Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Star

Wasco well-positioned to secure up to two FPSO module packages

PETALING JAYA: Wasco Bhd ’s existing yard capacity and modular fabrication capability appear well-positioned to secure one to two additional floating production, storage and offloading (FPSO) module ...
esa.org

Ecology Curricular Framework Endorsed by the Ecological Society of America.

The Four-Dimensional Ecology Education (4DEE) Framework Initiative has its roots in 30 years of debate among ecologists and ESA leaders calling for a framework for eco-literacy that would provide ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...