Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Stratacache adds to string of real estate deals with $18M Trotwood sale

The sale follows CEO Chris Riegel auctioning off two significant downtown Dayton high-rises as the company refocuses on ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Total Telecom

FIFA scams shift focus from fans to employees, CUJO AI finds

Major global sporting events have always attracted opportunistic fraud. The 2026 FIFA World Cup, played across the United ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Popular clothing retailer to return to The Summit

Nearly 10 new stores, restaurants and entertainment spots — including some first-to-state locations — are expected to open in ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Belgium show further signs of decline in draw with Iran

Follow live text updates and listen to BBC Radio 5 Live commentary as Belgium take on Iran at the Los Angeles Stadium in ...

Days before Apple's WWDC, Google says Chrome is faster than ever on the M5 MacBook Pro

Just ahead of WWDC, Google's fresh benchmarks for the Chrome browser have revealed impressive speed boosts when optimized on ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

World Cup 2026: Messi’s Argentina & Mbappe’s France among teams to play later

All the latest reaction from the 2026 Fifa World Cup as Egypt & Spain win, Cape Verde claim draw and Belgium decline.