Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

Alan Greenspan, longtime U.S. Fed chair who presided over boom before the 2008 financial crisis, dies at 100

Former U.S. Federal Reserve chair Alan Greenspan has died at the age of 100. He died on Monday from complications of ...
Total Telecom

FIFA scams shift focus from fans to employees, CUJO AI finds

Major global sporting events have always attracted opportunistic fraud. The 2026 FIFA World Cup, played across the United ...
Hackaday

This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed Coding, And Mythos Makes National News

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...
cybernews

Best Free Ad Blockers for 2026 (Including Best Free Trials)

Our trusted in-house research experts conduct independent, unbiased testing of ad blockers, combining internal and external evaluation data and tools for comprehensive reviews. We maintain full ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
The Hacker News

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Colin Farrell on Filming ‘Sugar’ in Los Angeles Even Though ‘Tax Breaks Suck,’ Tom Cruise’s ‘Disclosure Day’ Invite and When He Starts Shooting ‘The Batman 2’

Colin Farrell talks about filming "Sugar" in L.A., seeing "Disclosure Day" with Tom Cruise and when he starts filming "The ...