Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
The Caledonian-Record

Pattern Announces Launch of Proposed Secondary Offering of Series A Common Stock

Pattern Group Inc. (Nasdaq: PTRN) (“Pattern”), a leader in accelerating brands on global ecommerce marketplaces leveraging proprietary technology and AI, today announced the launch of a public ...
LGBTQ Nation on MSN

A trans woman complained about her suffering in jail. Days later, guards found her dead.

The 32-year-old's death "is not accidental," according to a local trans advocacy group.

For people in Detroit and Windsor, Gordie Howe bridge delay fits a familiar – and frustrating – pattern

The international bridge whose opening was abruptly cancelled this week has long been fought against by the billionaire ...
The Caledonian-Record

Omdia: Semiconductor Market Surpasses $300bn Quarterly Revenue in 1Q26 as Memory Market Shifts Historical Patterns

Following a record-setting year for the semiconductor industry, the start of the new year has continued the momentum, as ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
The Register-Herald

AP exclusive: Doctors Without Borders report found cases of abuse and exploitation by staff in Chad

A confidential internal memo obtained by The Associated Press says that the international aid group Doctors Without Borders ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...