The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Anthropic’s Mythos model found vulnerabilities in classified US government systems: AP

Anthropic’s Mythos AI found U.S. classified system vulnerabilities in hours, sparking security and policy tensions.