Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Smithsonian Magazine

Cascade Red Foxes Are Notoriously Reclusive. So How Did This Photographer Capture These Stunning Images of the Endangered Species?

Even the scientists who study the animals rarely see them except on camera. But Gretchen Kay Stuart spent a season documenting them up close Photographs by Gretchen Kay Stuart Text by Jennie ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
New York Post

Socialist ‘Red Rabbits’ are training for national uprising against cops

As its national influence has risen, the Democratic Socialists of America (DSA) has simultaneously grown more extreme. Nowhere is this more apparent than in the group’s “Red Rabbits” initiative. The ...
Stars and Stripes

Massachusetts senator urges military to audit Express Scripts

WASHINGTON — Sen. Elizabeth Warren, D-Mass., urged the Defense Department to audit Express Scripts to determine if the pharmacy benefit manager is overcharging for prescriptions and steering military ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

2026-06-07-mikanani-skills-implementation.md

For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Goal: Refactor existing CLI into ...
Soompi

Watch: Ji Sung, Ha Yun Kyung, And More Test Chemistry At Script Reading For New Drama "The Apartment Job"

JTBC’s upcoming drama “The Apartment Job” has shared a glimpse of its first script reading session! “The Apartment Job” follows former gangster Hae Kang as he runs for apartment association president ...
The New York Times

In California Election Results, Beware the Red or Blue ‘Mirage’

Exactly when and how votes are counted in California can give misleading indications that a candidate is ahead. By Nick Corasaniti The exploding popularity of mail voting, combined with the immediacy ...