A malicious npm package called `js-logger-pack` evolved through 29 versions into a full remote access trojan (RAT) named `MicrosoftSystem64` that exfiltrates stolen data to attacker-controlled Hugging…
Gergely Orosz reports that AI is amplifying team culture for better or worse, while Cloudflare demonstrates frontier models chaining exploits and outperforming single-agent verification in security re…
A malicious npm package called `js-logger-pack` evolved through 29 versions on the registry from April 2026 into a full remote access trojan that deploys an 81 MB binary named `MicrosoftSystem64` on W…
Five typosquatting npm packages published by accounts named "superbase" and "micresoft" contain a hidden 4.5 MB ELF binary that executes automatically upon `npm install` and, through a hijacked `Sessi…