Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
ProPublica

ProPublica — Investigative Journalism and News in the Public Interest

The United States is requiring access to health data as part of lifesaving aid deals with African countries. The U.S. says the data will be aggregated and anonymized, but privacy experts fear the ...