The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Windows Report

[UPDATE] GitHub Copilot Reportedly Injects Promotional Content Into Pull Requests

[UPDATE 7:35 AM GMT+1 | 31/3/2026] According to Windows Central, the Vice President of Developer Relations at GitHub has confirmed that product tips were being injected, but the feature was disabled ...