Author: InfoForTech
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship JavaScript build tooling alongside PHP code.” This “cross-ecosystem placement” makes the activity stand out because developers and security teams scanning PHP dependencies may only focus on Composer-related metadata, while skipping package.json lifecycle hooks that are bundled within the…
Isaac Kong and Pamela Theng quit their corporate jobs to fix soft toys for a living Clarissa Wiyono did not fly from Jakarta to Singapore to sightsee. The 29-year-old made the trip specifically to drop off her Dumbo plushie—a 50cm elephant toy she had carried since her visit to Disneyland Orlando through her wedding and across countless flights abroad—at a restoration service she could not find back home. She did not trust couriers. She came herself. This is the kind of customer Isaac Kong and Pamela Theng, both 54, have come to know well. The husband-and-wife pair are the “surgeons”…
Neil Armstrong and Buzz Aldrin became the faces of the Moon landing era. Elon Musk’s Mars era may get a very different public face in Chun Wang, a cryptocurrency billionaire whose fortune traces back to Bitcoin mining. Wang is expected to lead a future SpaceX Starship mission that would fly past Mars and return to Earth. SpaceX has not announced a launch date, and the plan still depends on Starship proving it can safely carry humans far beyond Earth’s orbit. SpaceX From Apollo heroes to billionaire passengers Private spaceflight has already moved through its celebrity phase. In April 2025, Blue…
This week on a supersized Memorial Day Weekend edition of the GeekWire Podcast: A massive IPO filing from SpaceX includes new details about Elon Musk’s Starlink business and its satellite factory in Redmond. Jeff Bezos talks about wealth, inequality and eventually tech in an hour-long CNBC appearance. John goes to World Cup ticketing hell and turns to ChatGPT and Gemini when FIFA’s support falls short. And finally, a special Sam Altman/Seattle startup edition of GeekWire Trivia. With GeekWire co-founders Todd Bishop and John Cook. Related Links: SpaceX is churning out 70 Starlink satellites a week in Redmond, and more from…
Many years ago, the Samsung Galaxy Note 7 gained notoriety when its batteries caught fire in a series of incidents. There’s been a steady stream of similar, though isolated, incidents ever since. However, despite the high-profile coverage of batteries gone wrong, the vast majority of lithium-ion batteries are safe.The chemical reaction that occurs inside a lithium-ion cell is complex, but as in any battery, there’s a negative and a positive electrode. In lithium batteries, the negative is a lithium-carbon compound, and the positive is cobalt oxide (though many battery makers are moving away from cobalt). These two compounds cause a…
Well, that didn’t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I’d first heard rumour of payment being made, and I posited that groups like this often go quiet after they feel the heat, only to emerge shortly after, the drug that is hacking being too strong to ignore. Anyway, here we now are: 🚨🇺🇸 ShinyHunters Claims 3 New Victims🇺🇸 https://t.co/v8Wf457Gbp: U.S.-based dental benefits administrator and oral health company.🇺🇸 Charter Communications, Inc.: U.S.…
The AI-generated version of ‘Moonrise, Hernandez, New Mexico’ was on display at AIPAD’s The Photography show. Michael Ochs Archives/Getty Images The Ansel Adams Publishing Rights Trust released a statement this weekend condemning the unauthorized use of the photographer’s name and work for the creation of an “AI-generated color version” of Adams’ “Moonrise, Hernandez, New Mexico.” According to the trust, the piece was up for sale last month at the Association of International Photography Art Dealers’ (AIPAD) The Photography Show. The exhibit by Danziger Gallery “exploited Ansel’s name, reputation, and his most iconic image, while failing to…
The shift from on-premises computing to software as a service changed the technology model and forced information technology organizatios to modernize how it builds, buys and operates software. It also reshaped how software vendors price, deliver, and add value. But for most buyers, SaaS didn’t fundamentally change how the company made money or how work got done day to day. The business became more agile and IT became less of a friction point, but the operating model of the enterprise largely stayed intact. SaaS transformed software companies and IT departments first – and mostly stopped there. How this AI wave…
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve a package before it is pushed to the npmjs[.]com. “Instead of a direct publish that immediately makes a package version available to consumers, the prebuilt tarball is uploaded to a stage queue…
The remote work era made employee monitoring software easier to justify. What began as a way to watch people working from home is now being normalized on office floors, too. Right on cue, a new Northeastern University study suggests the data collected through these tools is also being shared with major third parties, including Google, Facebook, and Microsoft. David Choffnes, a professor at Northeastern’s Khoury College of Computer Sciences and one of the study’s co-authors, said the research shows how little privacy protection workers have in the workplace. He also noted that the issue is not just data collection by…