Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Days before Apple's WWDC, Google says Chrome is faster than ever on the M5 MacBook Pro

Just ahead of WWDC, Google's fresh benchmarks for the Chrome browser have revealed impressive speed boosts when optimized on ...

Chrome for macOS soundly beats browser benchmark records

Google has set new browser performance records for Chrome following a year of improvements, with the latest results made ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Synagogue shooters were hired by a foreign entity, Secretary of State for Combatting Crime says

The secretary’s comments follow a Toronto police announcement linking a shooters-for-hire network to multiple GTA shootings ...

SpaceX to debut on stock exchange, setting Elon Musk on course to be world's first trillionaire

The company says its shares could trade at about $135 each (£100), setting the company's valuation on track for about $1.75tn ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

U.S. House advances bill to fund Trump’s immigration agenda for the rest of his term

The White House says the bill will provide US$38-billion for Immigration and Customs Enforcement, US$26-billion for the ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...