Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Nature

AI cracks 80-year-old mathematics challenge — researchers are astonished

An 80-year-old challenge in geometry has been cracked by an artificial-intelligence chatbot after a single prompt from mathematicians at the technology firm OpenAI. The company, based in San Francisco ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...