The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
InfoQ

Azure Functions Ships Serverless Agents Runtime at Build 2026

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

External app for X4 Foundations game.

Shows real-time logbook entries, mission offers, currently active mission details and player information. Application is served on a local port, so it can be run locally or on multiple network devices ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Fair Observer

Cairo’s Double Game: Egypt Arms a Sanctioned General While Playing Peacemaker

Egypt is arming a US-sanctioned Sudanese commander, conducting drone strikes and sharing intelligence — all while participating in US-led peace talks. At the same time, it allows Iranian weapons to ...
GitHub

A codebase to support a pure JSON search engine requiring no backend for any XHTML5 document collection

This codebase, developed by Joey Takeda and Martin Holmes, provides a configurable, customizable tool which you can point at an XHTML5 document collection and have it generate a search page which ...