The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

FDA Approves New GLP-1 Weight Loss Pill—What To Know And How To Get It

The U.S. Food and Drug Administration on Wednesday approved a second oral GLP-1 medication, giving adults eligible for weight ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...