New IronWorm malware hits 36 packages in npm supply-chain attack

Published on June 4, 2026

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]

Continue reading on website
Other news

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

June 4, 2026
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it.RyotaK of GMO

UN food agency discloses breach affecting 600,000 Gaza households

June 4, 2026
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]