The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

The Supreme Court Quietly Embraced Clarence Thomas’ Theory of Race. It’s Already a Disaster.

The conservative supermajority’s move to constitutionalize “colorblindness” has sweeping implications in many other areas of ...

How ‘Leviticus’ Stars Joe Bird and Stacy Clausen Prepared to Take on the Roles of Two Closeted Teenagers for the Conversion Therapy Horror

"Leviticus" stars Joe Bird and Stacy Clausen on preparing for the conversion therapy horror, character choices and what's ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CalMatters

Allow local governments to impose rent controls

Many cities, including San Francisco and Los Angeles, limit the amount a landlord can raise the rent each year — a policy known as rent control. But for nearly 30 years, California has imposed limits ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...