The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

Vectra: a local vector database

Vectra ships an llms.txt file that gives coding agents everything they need to integrate Vectra into your project. Point your agent at it and let it do the work: Read ...
The Hacker News

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per ...
GitHub

aeagisdev/rpgm-nwjs-automator

This launches the modern GUI with dashboard, drag-and-drop game selection, batch processing, plugin management, and dark/light theme support.