Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-23 13:00 PDT
- npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
The Hacker News • 2026-05-23 09:35 • thehackernews.com
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve
https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html - Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Hacker News • 2026-05-23 09:07 • thehackernews.com
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.“Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship JavaScript
https://thehackernews.com/2026/05/packagist-supply-chain-attack-infects-8.html - Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
BleepingComputer • 2026-05-23 07:23 • www.bleepingcomputer.com
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. […]
https://www.bleepingcomputer.com/news/legal/italy-disrupts-cinemagoal-piracy-app-that-stole-streaming-auth-codes/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
