The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
WAVY-TV

USPS holiday shipping deadlines

A man has been arrested in connection to a June 10 shooting in which another woman died in a Virginia Beach apartment they shared. Link: https://www.wavy.com/news ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...