Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

PolinRider: DPRK Threat Actor Implants Malware in Hundreds of GitHub Repos

The OpenSourceMalware team has uncovered a massive threat campaign that is implanting malware in GitHub users and organizations repositories. The threat actor, PolinRider, has implanted a malicious ...
Fair Observer

America Misread China’s History and Helped Build Its Global Power

According to a well-known anecdote, when former US Secretary of State Henry Kissinger met with Chinese Premier Zhou Enlai in 1971 to prepare for the Richard Nixon–Mao Zedong summit, Kissinger asked ...