The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

U of M invests in women's basketball program, new coach Hana Haden

Preview this article 1 min The University of Memphis women's basketball team hasn't made the NCAA Tournament since 1998.

Corporate Counsel Awards 2026: Mercy legal leader tackles AI as healthcare innovation creates new design challenges

The vice president and assistant general counsel at Mercy manages regulatory risks for artificial intelligence and digital ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...

TIOBE Index for June 2026: Top 10 Most Popular Programming Languages

Python’s lead narrows again, C holds the runner-up spot, C++ returns to third, and SQL climbs back above R in June’s top 10 ...
The Next Web

Henrique Schmaiske and the human work behind Meteor 3.0

Meteor CTO Henrique Schmaiske led the framework's largest release in over a decade, removing Fibers and migrating to async/await across 2,300 commits while keeping 500,000+ active installations stable ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Caledonian-Record

With Trump in a holding pattern on Iran war, allies and critics worry he risks getting boxed in

President Donald Trump insists he's comfortable with the current holding pattern in the Iran war. But the Republican president faces warnings from foes and allies alike that he’s getting boxed ...

For people in Detroit and Windsor, Gordie Howe bridge delay fits a familiar – and frustrating – pattern

The international bridge whose opening was abruptly cancelled this week has long been fought against by the billionaire ...
ExtremeTech

Websites Can Now Peek at Your SSD to See What Else You're Up To

There's reportedly a new way for websites to spy on visitors: by monitoring how their computers' SSDs behave. The technique is called FROST, short for "fingerprinting remotely using OPFS‑based SSD ...