The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
The Hacker News

New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module

XCSSET macOS malware adds clipboard hijacking, Firefox data theft, and new persistence methods, Microsoft warns.