Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
InfoWorld

Nvidia’s SchedMD acquisition puts open-source AI scheduling under scrutiny

With Nvidia now controlling Slurm’s roadmap, enterprises running mixed-vendor GPU clusters are asking whether open-source guarantees are enough.
SecurityWeek

Guardarian Users Targeted With Malicious Strapi NPM Packages

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...