The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
GitHub

willow-god/Friend-Circle-Lite

🐱一个精简版,无后端,且仅利用github action运行的精简版友链朋友圈程序,兼容fc的json格式信息,同时支持推送友圈更新 ...
LinkedIn

Prevent JSON Errors with Constrained Decoding

The editor knows to read it. An AI agent reading the raw JSON doesn't. So when a founder hands that JSON to an agent and asks it to rebuild the app in code, the agent reads 50 user fields and rebuilds ...