The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

10 signs that someone is monitoring or accessing your accounts - how to stop them

10 signs that someone is monitoring or accessing your accounts - how to stop them ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Fair Observer

Is Football a Force for Good or Evil?

Football is not just a sport: basketball, boxing, cricket, tennis, and other hugely popular endeavors are. But not football. It’s set apart; it transcends sports to the point where it shares the same ...
GitHub

Sehab121/awesome-openclaw-skills-CN

claude-optimised - Guide for writing and optimizing CLAUDE.md files claude-team - Orchestrate multiple Claude Code workers via iTerm2 clawder - Use Clawder to sync identity, browse post cards, swipe ...