Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.
Bleeping Computer

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
GitHub

Marlin 2.x for the Creality CR-10S

The name of this repository is quite self-explanatory: Marlin-CR10S is Marlin 2.x firmware for the Creality CR-10S 3D Printer which, by default, has the Creality V2.2 Motherboard installed. This ...
Hindustan Times

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

While still in the midst of fury from students on the On Screen Marking (OSM) system for Class 12 board exams, the Central Board of Secondary Education (CBSE) found itself at the centre of another ...
India Today

Nisarga Adhikary, 19, claims he hacked CBSE marking portal, warned board earlier

A teen cybersecurity researcher’s blog post alleging serious flaws in CBSE’s On-Screen Marking portal has triggered concern online after entrepreneur Deedy Das amplified the issue on X. The researcher ...