The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

South Florida kitchen, bath supplier files Chapter 11 with $8 million in debts

A South Florida kitchen and bath supplier with six showrooms filed for bankruptcy reorganization while citing mounting debt, ...

Truck dealers say they can’t import new models until Ottawa fixes paperwork

Canadian heavy-duty truck dealers are warning the economy is at risk of coming under further strain, because they won’t be ...

Playing it Koi: Hobby turns into a business with colorful results

Greenville couple grows, shows and sells award-winning 'living jewels' ... and it all started with a backyard pond.

China oil import cut, higher U.S. exports wrongfoot market bulls

As prices for ‌physical crude oil hit all-time highs of over US$160 per barrel last month, analysts and traders alike rushed ...

MLB power rankings: Untouchable Guardians roar to top of AL Central

After last year's stunning AL Central comeback, the Guardians look like the class of the division.
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
kottke.org

What If Lock-In Doesn’t Matter So Much Anymore?

Interesting observation by Mitchell Hashimoto (creator of Vagrant and Ghostty) on how a company’s or product’s choice of programming language matters less in th ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto Devs Across Multiple Ecosystems

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...
The Express Tribune

PSX gains 2,248 points in mixed week

On Wednesday, the PSX witnessed a stable session, closing at 164,831, up 1,935 points (+1.19%). The market remained robust on ...
The Caledonian-Record

Ukraine ally Britain eases sanctions on Russian oil as fuel prices surge over Iran conflict

The U.K. government has quietly eased some sanctions on Russian oil to help Britons cope with rising costs. A new trade license allows the import of Russian oil refined into ...