Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A company rolls out an AI customer service assistant. The model behind it is current and capable enough for the job. The assistant goes live. Within a week, support tickets are getting worse, not ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...

I ditched my terminal for Claude's built-in code executor, and I'm not going back.

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Rubrik (NYSE: RBRK) today introduced two new Identity Resilience capabilities to expand its product suite. The first, ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Georgia lawmakers are expected to try to clean up an election mess of their own making when they return to the Capitol this week for a special session. The election ...

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...