The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

SuGaR: Surface-Aligned Gaussian Splatting for Efficient 3D Mesh Reconstruction and High-Quality Mesh Rendering

We propose a method to allow precise and extremely fast mesh extraction from 3D Gaussian Splatting (SIGGRAPH 2023). Gaussian Splatting has recently become very popular as it yields realistic rendering ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

password-generator-python

A powerful and flexible Python-based tool for generating high-quality password dictionaries for penetration testing and cybersecurity research. This project allows users to create custom wordlists ...
CNBC

Volvo Cars wins U.S. approval to keep importing vehicles with 'connected car' technology

Volvo Cars, majority owned by China's Geely Holding(GEELY.UL), said on Tuesday it received approval from the U.S. government allowing it to continue selling vehicles. In January 2025, President Joe ...
Reuters

Volvo Cars wins US approval to keep importing vehicles with 'connected car' technology

WASHINGTON, May 26 (Reuters) - Volvo Cars (VOLCARb.ST), opens new tab, majority owned by China's Geely Holding(GEELY.UL), said on Tuesday it received approval from the U.S. government allowing it to ...