The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
GitHub

n8n Ultimate JSON Functions Cheat Sheet

{{ .fieldName }} // Get field from current item +{{ ["field with spaces"] }} // Field names with spaces/special chars +Stop searching through documentation! This ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
Oil

TotalEnergies, Shell agree to asset swap to add equity to operated Brazil positions

The agreement between TotalEnergies and Shell will see both parties add equity to operated positions in Gato do Mato and Lapa fields. TotalEnergies and Shell Brasil Petróleo Ltda have agreed to swap ...
VietnamPlus

Youth Month: Youngsters create social values through digital transformation

Hanoi (VNA) – Moving beyond traditional volunteer activities, Vietnamese youth are increasingly affirming their role in national digital transformation through practical, community-based initiatives.