Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Days before Apple's WWDC, Google says Chrome is faster than ever on the M5 MacBook Pro

Just ahead of WWDC, Google's fresh benchmarks for the Chrome browser have revealed impressive speed boosts when optimized on ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Chrome for macOS soundly beats browser benchmark records

Google has set new browser performance records for Chrome following a year of improvements, with the latest results made ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Cryptopolitan on MSN

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Trump insists Iran deal will open Strait of Hormuz 'toll-free' as he meets world leaders

But Donald Trump also called the fighting in Lebanon as "the minor war" and described the Iranian-backed group Hezbollah as ...

Synagogue shooters were hired by a foreign entity, Secretary of State for Combatting Crime says

The secretary’s comments follow a Toronto police announcement linking a shooters-for-hire network to multiple GTA shootings ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...

SpaceX to debut on stock exchange, setting Elon Musk on course to be world's first trillionaire

The company says its shares could trade at about $135 each (£100), setting the company's valuation on track for about $1.75tn ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...