Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

‘Fix this code’—the three little words behind the U.S. government decision that shut down Anthropic’s Fable and Mythos AI models

The Fable jailbreak was trivially easy, an independent security researcher found. But she and other experts say Fable's value ...
CNET

The Netflix Secret Codes That Unlock Every Hidden Genre in the Library

Netflix's hidden genre codes bypass the algorithm entirely and drop you straight into whatever category you're actually in ...
GitHub

Claude Code Ultimate Guide

6 months of daily practice distilled into a guide that teaches you the WHY, not just the what. From core concepts to production security, you learn to design your own agentic workflows instead of copy ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Crowdfund Insider

Cybercriminals Exploit Fintech Platform Stripe in Credit Card Skimming Operation

An emerging wave of rather concerning online theft is leveraging one of the Fintech sector’s most widely used platforms in order to conceal and reportedly distribute malicious code designed to harvest ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.