The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

Drswith/vscode-json-string-code-editor

Choose from auto-detected languages Edit in a new tab with syntax highlighting Press Ctrl+S to save and sync back Note: Language detection is built into the extension and cannot be customized by users ...
GitHub

HimaxWiseEyePlus/Seeed_Grove_Vision_AI_Module_V2

This is a repository which step by step teaches you how to build your own examples and run on Seeed Grove Vision AI Module V2. Finally, teach you how to restore to the original factory settings and ...
PC World

Corsair’s new RAM kits include samurai art and dummy modules

PCWorld reports that Corsair’s new Shugo DDR5 RAM kits feature unique samurai-inspired artistic designs including ‘Onyx Blade’ and ‘Sakura Noa’ variants with micro-drilled holes for LED lighting. Each ...