The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
techtimes

Claude Code Dynamic Workflows: Scripts Replace Context Windows, Ultracode Automates Orchestration

Anthropic shipped Claude Code Dynamic Workflows as a research preview on May 28, 2026, and the feature is architecturally more consequential than the Opus 4.8 benchmarks that dominated most coverage ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Windows Report

Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers

Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Malicious apps got into the Arch User Repository - how to protect yourself

Malicious apps got into the Arch User Repository - how to protect yourself ...

Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet

EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the ...
Windows Latest

Secure Boot deadline: Microsoft reveals what happens to Windows 11 PCs if you missed the update

Your PC won't stop working if it misses the Secure Boot 2023 update. But here's what changes for older PCs and Windows 11 ...

Linux users face a Microsoft Secure Boot headache - here's the painkiller

Linux users face a Microsoft Secure Boot headache - here's the painkiller ...
Arabian Post on MSN

Trusted tools become malware delivery routes

Attackers are increasingly abusing legitimate system utilities and widely used administrative tools to deliver malware, move through networks and avoid detection, forcing security teams to rethink ...

XBOW tests Anthropic's Mythos Preview for offensive security

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.
CoinDesk

Microsoft found malware that hijacks crypto wallets and spreads through USB sticks

The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows ...