The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
GitHub

Fox-Fig/slipstream-rust-plus-deploy

Advanced deployment automation for Slipstream Rust Plus. A comprehensive automation script for deploying and managing high-performance DNS tunnel servers on Linux and Android systems. This script ...
Opinion
Security BoulevardOpinion

The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors

Millions installed 'productivity' Chrome extensions that became malware after acquisition. Here's how browser extensions became enterprise security's weakest link.
Bleeping Computer

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder’s research team built a new secrets detection method and scanned 5 ...
TwinCities.com

State Department orders nonprofit libraries to stop processing passport applications

NORWICH, Conn. (AP) — The U.S. State Department has ordered certain public libraries nationwide to cease processing passport applications, disrupting a long-standing service that librarians say their ...
IEEE

Debun: Detecting Bundled JavaScript Libraries on Web using Property-Order Graphs

Abstract: Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile ...
GitHub

ProFSAM – Promptable Fire Segmentation using SAM2

To run the notebooks, you must first clone/download the official SAM2.1, MobileSAM, and TinySAM repositories from their respective sources, then place the provided script/ folders from this repo into ...