Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

PaletteWright™ Now Available on the App Store for Mac

Mac color compiler turns captured & imported colors into accessible palettes, Figma Variables, design tokens, CSS, ...
The Next Web

Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor

Microsoft discovered a self-spreading USB worm active since February that monitors clipboards for crypto wallets and routes stolen data through Tor.

Truelist Launches Recurring Email Validation to Keep Marketing Lists Clean Automatically

Automatically re-validate email lists weekly, biweekly, or monthly, catching bounces, spam traps, and dead domains ...

U.S. unemployment claims fell last week amid low layoffs

The increase in the so-called continuing claims, aligns with data showing many unemployed people are experiencing long bouts ...
ARTISTdirect

Android App NostalgicPod Brings iPod Classic Experience to Modern Phones

For just $4.99, Android users can step back into the golden age of portable music with NostalgicPod, a new app that faithfully reproduces Apple’s ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Daily Sun

Trade deficit tops $24b amid heavy RMG reliance

Bangladesh’s trade deficit widened to US$24.16 billion in FY2024-25 as import expenditure continued to outstrip export ...
Indianapolis Business Journal

Indiana joins 16 other states and trade group in lawsuit over plastics packaging law

The suit argues that California’s recently finalized regulations will gradually force all companies to modify their plastics ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...