Author: user
The second wave of the Shai-Hulud supply chain attack spilled over into the Maven ecosystem after compromising over 830 packages in the npm registry. The Socket Research Team said it has identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that includes the same two components related to Sha1-Hulud: the “setup_bun.js” loader and the main payload “bun_environment.js.” “This means that the PostHog project has compromised releases in both the JavaScript/npm and Java/Maven ecosystems with the same Shai Hulud v2 payload,” the cybersecurity firm said in an update on Tuesday. Note that Maven Central packages are not published by PostHog itself. Rather, the…
The always fun-filled Slush conference took place in Helsinki last week and, as always, was a show of the growing power of the European ecosystem. Scandinavia in particular is having a moment, this time led by Swedish vibe-coding darlings Loveable. Loveable is seen as an example of a growing ecosystem of successes. Although older names, other standout companies include Klarna and Spotify. This week on Equity, we spoke to Dennis Green-Lieber, founder of AI company Propane, about the rapid growth of the Nordic ecosystem. Green-Lieber is based in Denmark and has been building its ecosystem over the past 15 years.…
A mysterious foot fossil discovered in Ethiopia many years ago belongs to a mysterious and controversial human relative who lived at the same time as our ancestor Lucy, a new study has revealed. This discovery took many years. In 2009, scientists discovered a 3.4-million-year-old foot fossil with toes designed for living in trees. Newly discovered fossilized teeth and jawbones near the so-called Bartele’s Foot suggest that Lucy’s species, Australopithecus afarensis, lived side-by-side with another now extinct human relative, Australopithecus deiremeda, which lived about 3.5 to 3.3 million years ago. The study, published in the journal Nature on Wednesday (November 26), suggests that…
Cybersecurity researchers at Microsoft have identified a critical flaw in modern artificial intelligence (AI) systems. This means that your conversation with the chatbot could have been intercepted by a hacker attack. This bypasses the encryption used to keep your chats private. This attack technique, known as Whisper Leak, is a type of “man-in-the-middle” attack that allows hackers to intercept messages as they travel between servers. This worked because the hacker was able to read the message’s metadata and infer its content. The researchers outlined the attack in a study uploaded to the preprint arXiv database on November 5th. They notified large-scale language…
Several public websites designed to help courts in the United States and Canada manage potential jurors’ personal information had simple security flaws that could easily leak sensitive data such as names and home addresses, TechCrunch has learned exclusively. A security researcher, who requested anonymity for this story, contacted TechCrunch for details on the easily exploitable vulnerability and identified at least a dozen jury websites created by government software maker Tyler Technologies, which he said appear to be vulnerable because they run on the same platform. Our locations are located throughout the country, including California, Illinois, Michigan, Nevada, Ohio, Pennsylvania, Texas,…
South Korea’s financial sector has been targeted by what is described as an advanced supply chain attack that led to the deployment of Qilin ransomware. “This operation combines the capabilities of Qilin, a leading Ransomware-as-a-Service (RaaS) group, with the potential involvement of North Korean state-affiliated actors (Moonstone Sleet), which utilized Managed Service Provider (MSP) compromises as an initial access vector,” Bitdefender said in a report shared with The Hacker News. Qilin has emerged as one of the most active ransomware campaigns this year, with the RaaS team showing “explosive growth” with over 180 victims in October 2025. According to NCC…
Duke University researchers have solved a long-standing mystery about the source of high levels of PFAS contamination in water sources in North Carolina’s Piedmont region. By sampling and analyzing sewage in and around Burlington, researchers traced the source of the PFAS contamination to a local textile manufacturing plant. The source remained hidden for years because the facility did not emit PFAS in a regulated and monitored chemical form. Instead, they found that solid nanoparticle PFAS “precursors” break down into the chemicals that current tests are designed to detect. “We have some of the most sophisticated equipment in the world to…
The first results from the world’s largest neutrino detector have just been published, revealing the most accurate measurements of neutrino parameters to date. After operating the detector at the Jiangmen Underground Neutrino Observatory (JUNO) in southern China for just under two months, researchers were able to measure the parameters of different types, or “flavors,” of neutrinos with unprecedented precision. As a result, the values of two important parameters of the neutrino are narrowed down. It is the mixing angle, which describes how different neutrino mass states combine to form a neutrino flavor, and the square of the difference between these mass states.…
Detection is considered a standard investment and first line of defense, so today’s enterprises are expected to have at least six to eight detection tools. However, security leaders have a hard time justifying dedicating resources to their superiors further downstream in the alert lifecycle. As a result, most organizations’ security investments are asymmetric and robust detection tools coupled with a last line of defense: an under-resourced SOC. A recent case study shows how a company using a standardized SOC prevented sophisticated phishing attacks that evaded key email security tools. This case study involved a cross-company phishing campaign targeting executives at…
Patients with B-cell acute lymphoblastic leukemia in the UK will receive a breakthrough CAR-T therapy on the NHS that has made a difference in clinical trials. This personalized treatment, known as obe-cel (obecabtagene autoleucel), reprograms a patient’s own immune cells to attack cancer, offering hope for remission when conventional treatments fail. Obe-cel, also known as Orcatsil, is manufactured by Autolus Therapeutics, a spin-out from University College London. The therapy is produced in Stevenage, a hub for pharmaceutical research and cell and gene therapy innovation, strengthening the UK’s position at the forefront of CAR-T therapy development. Experts are hailing this as…