The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Anthropic and US officials meeting Monday to resolve dispute over export curbs, administration official says

WASHINGTON, June 15 (Reuters) - Senior Anthropic technical staff are scheduled to meet with government officials at the U.S.
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...
InfoWorld

10 tips for getting better R code from your AI coding agent

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
GovInfoSecurity

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Tech Times

Zelda: Ocarina of Time Remake Confirmed Full Rebuild Before Nintendo Pulled Store Text

Zelda: Ocarina of Time remake Switch 2 store page confirmed a full ground-up rebuild before Nintendo removed the phrase from ...
TMCnet

Cloudflare Acquires VoidZero to Build the Future of the AI-Native Web

VoidZero's toolchain, anchored by Vite, has emerged as the shared substrate for the web ecosystem, capturing over 130 million weekly downloads. The Cloudflare Vite plugin has reached 13.9 million ...
Goodwood

OLO: the Sheffield startup teaching everyone to speak robot

Sheffield startup OLO Robotics has built a way to program robots from a web browser, no PhD or coding experience required.