The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

notoriouslab/browser-mcp-lite

Give your AI assistant eyes into your real browser — in ~500 lines of code. A minimal, auth-secured MCP server that lets AI assistants read pages, take screenshots, and run scripts in your actual ...
GitHub

Tailwind Nextjs Starter Blog

This is a Next.js, Tailwind CSS blogging starter template. Version 2 is based on Next App directory with React Server Component and uses Contentlayer to manage markdown content. Probably the most ...
The Sports Rush

“Bro is making the world a better place”: Fans react to MrBeast helping 1000 people see for the first time

MrBeast is the biggest creator on YouTube, but aside from just raking in the cash, he also gives back. Recently, he posted on Twitter that his team helped 1000 people see for the first time. He urged ...