The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
JD Supra

When the worm targets the assistant: Miasma turns AI coding agents into the trigger

GitHub disabled 73 repositories across four Microsoft organizations on June 5 after the self-replicating supply-chain campaign known as ...
GitHub

Foundation runtime type infrastructure for JavaScript. A monorepo of four small, focused packages providing cross-realm type detection, function introspection, type identity ...

All packages share the same runtime floor: Chrome 80+, Firefox 74+, Safari 13.1+, Edge 80+, Node 22+. See the browserslist field in each package's package.json. Pre-release. APIs are being designed; ...
SecurityWeek

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables ...
The Hacker News

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
Visual Studio Magazine

.NET 11 Preview 5 Focuses on Performance, Productivity and Safer Code

NET 11 Preview 5 focuses on under-the-hood runtime performance gains, streamlined APIs and language features that reduce boilerplate, plus built‑in security checks and incremental ASP.NET Core and EF ...