The Hacker News

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers hijacked 400+ Arch Linux AUR packages to run a Rust credential stealer, with optional eBPF rootkit support on root ...
MUO on MSN

I run three self-hosted apps on a $35 Raspberry Pi and they never skip a beat

My $35 server works harder than some PCs.
The Next Web

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until ...

Alpine Linux 3.24 released with support for COSMIC Desktop and other improvements0 0

The Alpine Linux team has released Alpine Linux 3.24, bringing updates to numerous system packages and adding support for ...
XDA Developers on MSN

Microsoft finally admitted Linux won, and Coreutils for Windows proves it

The tools Linux developers love are coming to Windows.
thearabianpost

Fake trust network pushes crypto-stealing clipper

Cybersecurity investigators have exposed a cryptocurrency theft campaign that used fake GitHub popularity, AI-narrated YouTube videos, manipulated download figures ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
SecurityWeek

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
Popular Mechanics

The 8 Best Rust Removers Make Gear Look Good as New

Iron and steel may be some of the strongest materials on earth, but they’re no match for the elements. Ferrous metals start to rust after only a few hours of exposure to air and water. Left unchecked, ...