The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
TMCnet

New AI Capabilities in Oracle OPERA Cloud Supercharge Hotel Operations

Oracle today announced Oracle OPERA Cloud Assistant, a new suite of AI-powered capabilities embedded directly within the familiar workflows of Oracle OPERA Cloud. These innovations help hoteliers ...
GIGAZINE

It was discovered that dozens of packages had backdoors embedded in them, accessible through Red Hat's official npm channel.

It has been revealed that multiple packages under the official Red Hat npm channel '@redhat-cloud-services' were compromised, and a worm-type malware that steals developer credentials was being ...
Rutland Herald

MathWorks Launches New Renesas Hardware Support Packages to Enable Rapid Prototyping of Embedded Systems for Automotive and Industrial Engineers

MATLAB and Simulink enable engineers to deploy embedded control algorithms directly to Renesas RA and RH850 microcontrollers using new hardware support packages for automotive and industrial ...
Morningstar

MathWorks Launches New Renesas Hardware Support Packages to Enable Rapid Prototyping of Embedded Systems for Automotive and Industrial Engineers

New Integration Enables MATLAB and Simulink Workflows on Renesas RA and RH850 Microcontrollers, Streamlining Code Generation, Deployment, and On-Hardware Execution for Faster Validation and Iteration ...
ZDNet

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...
Infosecurity-magazine.com

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

Security researchers have warned of a “critical, systemic” vulnerability in the model context protocol (MCP) which could have a significant impact on the AI supply chain. MCP is a popular open source ...
Reuters

Amazon strikes deal with USPS that maintains 80% of package volume

WASHINGTON, April 6 (Reuters) - Amazon.com (AMZN.O), opens new tab on Monday announced it reached a new agreement with the U.S. Postal Service on package deliveries, and sources said the cash-strapped ...
dbta

Build Less, Earn More: Unlocking ISV Revenue with Embedded Software

In the times of AI, being able to feed your models with accurate, relevant and secure information is everything. Discover how Named Entity Recognition helps ISVs extract meaningful insights from ...