The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
latesthackingnews.com

Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer

An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools.
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR), generalized to a campaign-based architecture that handles multiple concurrent and historical ...
Fast Company

The Pentagon just dropped ‘never-before-seen’ UFO files online—here’s how to see them yourself

The Pentagon is releasing “never-before-seen” files on UFOs. The files, many of which have been under wraps for decades, can now be accessed by anyone online. The statement went on to blame previous ...
Fast Company

Someone turned the Epstein files into a public library. Here’s how to see it

A new library is opening up in New York City this Friday, but rather than books, the space will house 3,437 volumes and roughly 3.5 million pages of the Epstein Files. The Donald J. Trump and Jeffrey ...
Wired

A Library Dedicated Solely to the Epstein Files Is Opening in New York

The Institute for Primary Facts has compiled more than 3.5 million pages of the Epstein files for public display at the newly opened Donald J. Trump and Jeffrey Epstein Memorial Reading Room. In the ...
MassLive

Judge allows Karen Read to use fired investigator’s texts in forthcoming lawsuit

DEDHAM — A Norfolk Superior Court judge cleared the way for Karen Read to use what her lawyers have dubbed racist and homophobic text messages on former Massachusetts State Police trooper Michael ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
InfoQ

AWS Introduces S3 Files, Bringing File System Access to S3 Buckets

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
VentureBeat

Amazon S3 Files gives AI agents a native file system workspace, ending the object-file split that breaks multi-agent pipelines

AI agents run on file systems using standard tools to navigate directories and read file paths. The challenge, however, is that there is a lot of enterprise data in object storage systems, notably ...
Bleeping Computer

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. Earlier today, the ...