Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

BBC Sport's Emma Middleton explains the difference between corks and grabs.