InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
IGN

Bee Swarm Simulator Codes (January 2026)

If you’re looking to beef up your Bee Swarm Simulator hive with some free redeemable codes, we have you covered. This article has compiled all of the active Bee Swarm Simulator codes currently ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Crypto Guys Bought the Answer to the CIA’s Mysterious Kryptos Sculpture

They swear they haven’t peeked at the closely guarded secret and that they’ll keep the cryptographic competition going.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Cryptopolitan

Reaper malware hijacks Script Editor to drain crypto wallets on macOS

Reaper malware targets macOS users via Script Editor to steal crypto wallets, browser passwords, and sensitive files.