The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
OS X Daily

Need Java on MacOS? Here’s How to Install Java (JDK/JRE) on Mac with Eclipse Temurin

Need to install Java on your Mac to run a particular application? While most Mac users will never need Java, there are ...

‘Leviticus' Stars Joe Bird and Stacy Clausen on Playing Gay Teens for Conversion Therapy Horror

SPOILER ALERT: This story contains spoilers from “Leviticus,” now in theaters. "I want it to look like you" might be the ...
PCMag

Your Steam Deck Is Secretly a Linux PC. Here Are 10 Ways to Unlock Its Full Potential

Valve's SteamOS hides a powerful Linux desktop beneath its console-like interface. With a few button presses, you can unlock ...
The Next Web

The developer behind VLC’s 6 billion downloads now wants to connect hundreds of millions of robots

Jean-Baptiste Kempf, the developer behind VLC's 6 billion downloads, raised $5M from Lightspeed for Kyber, an SDK for controlling remote machines in real time.
GitHub

VStube - YouTube in VS Code

Watch and search YouTube videos directly inside Visual Studio Code! No more switching tabs—code and watch side-by-side.