Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
XDA Developers on MSNOpinion

OpenClaw promised a self-hosted AI assistant I could actually leave running, but Hermes Agent is the one that delivers it

Hermes Agent gets a lot right, and it's something I'd trust a lot more than OpenClaw.
CoinDesk

Telegram group at center of Jane Street insider-trading allegations in Terra collapse

Newly unsealed filings detail a private chat dubbed ‘Bryce’s Secret’ that Terraform’s estate says gave Jane Street an ...
Decrypt

Terraform Accuses Jane Street of Using Insider Telegram Group Ahead of $40B UST-LUNA Collapse

New allegations claim that Jane Street made use of a private backchannel with Terraform insiders before Terra's collapse.
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...