The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
CNET

Google's Been Quietly Using Your Hard Drive for AI. Here's What to Do About It

A 4GB file called weights.bin may have appeared on your hard drive, thanks to Chrome. Here's what it is and how to get rid of it. Alex Valdes from Bellevue, Washington has been pumping content into ...