The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Saints' Travis Etienne Jr. Named to NFL Top 100, Check Out the Updated 2026 Rankings

New Orleans Saints running back Travis Etienne Jr., fresh off scoring a career-high 13 touchdowns last season, clocked in at ...

Caissie homers, doubles and singles to lead Marlins to 4-3 win over Giants

Owen Caissie was a triple shy of the cycle and hit a go-ahead sacrifice fly as the Miami Marlins beat the San Francisco ...
CoinDesk

Ethereum's biggest 'sandwich' bot drained of $7.5 million in ironic exploit

Blockaid said an attacker tricked Jaredfromsubway.eth into approving fake trading routes, then used those approvals to drain ...

A vengeful arsonist or a convenient scapegoat? What we’ve learned from testimony in the Palisades Fire trial

Jonathan Rinderknecht is accused of starting the deadly and historically destructive Palisades Fire that scorched swaths of ...