New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key features include native CSS module support, universal compilation for various ...
CNBC

China gives green light to importing first batch of Nvidia's H200 AI chips, sources say: Reuters

China has approved its first batch of Nvidia's H200 artificial intelligence chips for import, two people familiar with the matter told Reuters, marking a shift in position as China seeks to balance ...
Science Daily

This tiny power module could change how the world uses energy

As global energy demand surges—driven by AI-hungry data centers, advanced manufacturing, and electrified transportation—researchers at the National Renewable Energy Laboratory have unveiled a ...
Wired

Should You Import a Chinese Phone?

The top Chinese smartphones are innovation-packed spec beasts, but it’s not always a good idea to import from the East. The trouble is that getting your hands on a Chinese import can prove tricky and ...
Reuters

China to lower import tariffs on some products beginning 2026

BEIJING, Dec 29 (Reuters) - China announced on Monday tariff adjustments for some products beginning next year, including lowering the import duties on resource-based commodities such as recycled ...
PC Gamer

How to use the Automechanical Targeting Module in The Outer Worlds 2

Third Person Shooter How to get a Comet Igniter in Arc Raiders Third Person Shooter How to complete Keeping an Eye Out in Arc Raiders Third Person Shooter The latest Arc Raiders patch makes Rocketeers ...
Ars Technica

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Futurism

CrowdStrike Infested With “Self-Replicating Worms”

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...