The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Hackaday

This Week in Security

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...
LinkedIn

Daily Security Briefing -- 4 June 2026

HTTP/2 Bomb CVE-2026-49975-- single-connection memory exhaustion downs nginx, Apache, IIS, Envoy, and Cloudflare Pingora Researchers have disclosed a new denial-of-service technique called HTTP/2 Bomb ...
GitHub

Native WebSocket RPC and reactive subscriptions for SvelteKit

There was an error while loading. Please reload this page.
LinkedIn

Build Tiny Server with Model Context Protocol (MCP)

Most implementations I found pulled in multiple frameworks, so I wanted to see what the protocol actually required. Turned out the core loop is extremely small — JSON-RPC over stdio or HTTP — but a ...
GitHub

zengzzzzz/golang-trending-archive

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...