Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

U.S. Bank Stadium seeks architects to replace hail-damaged roof

The Minnesota Sports Facilities Authority plans to install a new roof at U.S. Bank Stadium, home of the Minnesota Vikings, ...

Method Architecture says automation is inevitable, but AI can't replace humanity

Method Architecture Principal Jake Donaldson argues that culture and human judgment remain irreplaceable assets as machines ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Anthropic's Claude Code Artifacts update brings live, shared dashboards and interactive workspaces to enterprises

By turning the terminal into a live, collaborative canvas, Anthropic is proving that the most valuable output of an AI coding ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
The Caledonian-Record

What school districts actually spend to replace a single school bus, and why the number keeps climbing

BusesForSale reports that rising school bus replacement costs outpace budgets due to increased prices, tariffs, and halted federal rebate programs.
The Hacker News

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Researchers found 152 Chrome extensions with 105,000 installs tied to adware, data collection, and fake Google organic traffic.
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
InfoWorld

10 tips for getting better R code from your AI coding agent

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...