Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
GitHub

The Mac app Claude Code deserves

A free, open-source native macOS application that gives Claude Code a proper graphical interface — chat, activity feed, file viewer, preview browser, spec writer, self-drive, terminals, and much more.
GitHub

Tailwind Nextjs Starter Blog

This is a Next.js, Tailwind CSS blogging starter template. Version 2 is based on Next App directory with React Server Component and uses Contentlayer to manage markdown content. Probably the most ...
The Sports Rush

“Bro is making the world a better place”: Fans react to MrBeast helping 1000 people see for the first time

MrBeast is the biggest creator on YouTube, but aside from just raking in the cash, he also gives back. Recently, he posted on Twitter that his team helped 1000 people see for the first time. He urged ...