New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
MacRumors

Apple Begins Testing End-to-End Encryption for RCS Messages in iOS 26.4 Beta

Apple is testing secure messaging between Android and iOS devices with iOS 26.4, iPadOS 26.4, and macOS Tahoe 26.4. The updates introduce end-to-end encryption (E2EE) for RCS messages, a security ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...