Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Gadget Review on MSN

Chrome's wallpaper extensions were stealing your data and faking Google traffic

Chrome wallpaper extensions stole user data and faked Google search traffic across 152 extensions - here is how to find and ...

FTC lawsuit reveals how subscription scam networks evade app store enforcement

A new FTC lawsuit reveals how sophisticated subscription app operators can allegedly use shell companies and payment ...

The xAI Trojan Horse Inside SpaceX's IPO

Much of SpaceX's IPO proceeds will repay legacy xAI/Twitter debt and fund aggressive AI capex, leaving limited capital for ...

How Circle’s Eclipse Reshapes Creator-Led Businesses

Circle's Eclipse launch brings AI, a discovery marketplace and a studio arm to help creators build community-led businesses.

Subscription required? Newspaper paywalls scatter most readers but provide surprising value

Paywalls are essential to the financial sustainability of news organizations, yet little is known about how readers respond ...
The Next Web

Mastodon adds email newsletters so people who don’t want an account can still follow creators on the open social web

Mastodon 4.6 lets creators send posts to email subscribers who don't have fediverse accounts. The feature targets institutions and independent publishers.