SecurityWeek

Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React Native NPM package. React Native is an open source framework designed for ...
Bloomberg L.P.

Record $38 Billion Debt Sale Nears for Oracle-Tied Data Centers

Banks are preparing to launch a $38 billion debt offering as soon as Monday that will help fund data centers tied to Oracle Corp. in what would be the largest such deal for artificial intelligence ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to ...
The Business Journals

Oracle discloses pay for new co-CEOs, including Nashville executive

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min Oracle Corp. named co-CEOs in ...
Developer Tech

Oracle releases Java 25 with focus on developers and AI

Oracle has released Java 25 (Oracle JDK 25), the newest version of the language and platform that has been around for over three decades. The update brings thousands of improvements, many aimed at ...
CNBC

'We're all kind of in shock.' Oracle's revenue projections leave analysts slack-jawed

As Oracle's stock was soaring following the company's earnings report on Tuesday, analysts were gushing about the numbers and the company's prospects in artificial intelligence. "I'm sort of blown ...
CNBC

Oracle stock gains 36% to post best day since 1992, adding $244 billion in value

Oracle stock climbed 36% after the company reported gobsmacking cloud demand numbers. The cloud giant is on pace for its best day since 1992, and is now quickly approaching the $1 trillion market cap ...
GitHub

Compromised version of debug (v4.4.2) package through pm2

A couple of days ago there was a fairly major vulnerability injected into several low-level packages, in this case the debug package (supply chain attack). We were exposed to this compromise via a ...
ZDNet

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A phishing email was at the heart of the attack. NPM team quickly removed backdoored versions. 18 packages hit, with 2B+ downloads every week. A new digital supply chain attack has targeted popular ...
The Hacker News

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who ...
SiliconANGLE

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
techbooky.com

Banks Arrange $38B Debt Package for Oracle-Linked Data Centres

To finance data centres connected to Oracle Corp. in Wisconsin and Texas, JPMorgan Chase & Co. and Mitsubishi UFJ Financial Group Inc. take the lead with a $38 billion loan package. According to ...