Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

JSON-stat JavaScript Toolkit

This package (jsonstat-toolkit) contains the JSON-stat JavaScript Toolkit. There are three major versions. Version 2 is the last one and should work on any modern browser: it has been developed using ...
The Hacker News

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

The Untold Story of Jeffrey Epstein’s Death

New evidence, new interviews and the fullest investigation yet into the question of whether he killed himself.
GitHub

tj-actions/changed-files

Effortlessly track all changed files and directories relative to a target branch, the current branch (preceding commit or the last remote commit), multiple branches, or custom commits returning ...
Fair Observer

Putin–Xi Summit Was an Exercise in Diplomatic Discipline and Strategic Alignment

Russian President Vladimir Putin visited Beijing last week as a friend and supporter of China. Over the past decade, as the West has imposed embargoes and tariffs on Russia, China has been crucial to ...