The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

The Supreme Court Quietly Embraced Clarence Thomas’ Theory of Race. It’s Already a Disaster.

The conservative supermajority’s move to constitutionalize “colorblindness” has sweeping implications in many other areas of ...

How ‘Leviticus’ Stars Joe Bird and Stacy Clausen Prepared to Take on the Roles of Two Closeted Teenagers for the Conversion Therapy Horror

"Leviticus" stars Joe Bird and Stacy Clausen on preparing for the conversion therapy horror, character choices and what's ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...