Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
SecurityWeek

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.
University of Wyoming

University of Wyoming Libraries

LIBRARIES UPDATE: Due to spring break, UW Libraries will have reduced hours. Coe Library closes at 5:30 p.m. Friday, 3/13; is closed 3/14–3/15 and 3/21; and has reduced hours 3/16–3/20. The Geology ...
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.