SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Wall Street Journal

IBM, Red Hat Pledge $5 Billion for AI-Driven Open Source Security Initiative

International Business Machines and Red Hat have committed $5 billion to establish a new model for open-source software, aiming to secure software supply chains for enterprises. Under the new project, ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Morningstar

ADEX Publishes Analysis of XCSSET Malware: Research Details How Active Infection Spreads Silently Through Xcode Projects, GitHub Repositories, and Developer Credentials

LIMASSOL, Cyprus, May 19, 2026 /PRNewswire/ -- The ADEX security team has released a detailed technical case study documenting a live XCSSET infection detected, captured, and analyzed within a client ...
pv-magazine-usa

State legislatures consider bills to speed solar project deployment

As deadlines for solar projects to qualify for the Section 48E investment tax credit (ITC) draw near, lawmakers in some states are taking steps to remove barriers to project development. The furthest ...
TechCrunch

Pentagon inks deals with Nvidia, Microsoft, and AWS to deploy AI on classified networks

After landing agreements with Google, SpaceX, and OpenAI, the U.S. Defense Department said on Friday that it has signed deals with Nvidia, Microsoft, Amazon Web Services, and Reflection AI that allow ...
Microsoft

Accenture is rolling out Copilot to a workforce the size of Denver. Here’s how they’re doing it.

Deploying Microsoft 365 Copilot to 20,000 employees might sound like a big undertaking, but Accenture was just getting started. The global professional services firm is rolling out Copilot across its ...
CSOonline

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may be behind a spate of recent supply chain attacks. Researchers warn of a new ...
SiliconANGLE

Anthropic launches Claude Design to speed up graphic design projects

The latest addition to Anthropic PBC’s product portfolio is Claude Design, a tool that enables users to generate visual assets with prompts. The company launched the offering into public preview today ...
Engineering News-Record

Twin TBMs Prepped for Deployment as $16B Hudson River Tunnel Project Advances

A cutterhead for one of two tunnel boring machines is being prepped to dig twin tunnels for the Hudson Tunnel Project's New Jersey approach. Both TBMs are being readied for assembly in North Bergen. N ...
MacTech

GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer

In March, JFrog Security Research documented a malware campaign titled GhostClaw/GhostLoader. Since the original documentation of this campaign, Jamf Threat Labs examined multiple GitHub repositories ...