Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
11Alive

FTC warns consumers to beware of scam QR codes on surprise packages

ATLANTA — It’s a scam that’s been circulating social media for months, and now the Federal Trade Commission (FTC) wants to put consumers on notice: watch out for QR codes on an unexpected package ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
WMBF News

Unexpected packages with QR codes could put your information at risk

MYRTLE BEACH, SC (WMBF) - The Better Business Bureau is warning consumers about a “brushing” scam involving unsolicited packages that arrive at their homes. The scam works by companies finding names ...
USA Today

Cookies, deodorant, socks. Iran war puts military packages in limbo

Dan F. was alarmed when his daughter, a Marine aboard the USS Tripoli, a warship deployed to fight the Iran war, sent him a photo of a meal served on the ship. A lunch tray, two-thirds empty, carried ...
BGR

QR Codes Are Everywhere – So Why Haven't We Run Out Yet?

QR codes, short for quick-response codes, are designed to store information for easy sharing. For example, instead of making someone open a browser on their phone and manually type out a specific URL ...
DualShockers

Cookie Run Kingdom Codes to Use in April 2026

Ethan Krieger is an Editor at DualShockers, where he covers reviews, guides, lists, features, previews, interviews, and gaming news. He began writing professionally in 2017 as a sports writer before ...
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...
BGR

The FBI Warns Americans To Avoid Scanning These QR Codes

QR codes are built into the modern internet experience. You point your phone at the square with a strange pattern, and it'll load a website on your phone, which will offer specific information. But ...