Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
ClutchPoints

NBA The Run Beta – How to Play, Start & End Times

The NBA The Run Beta is on the way, offering players a chance to try out the upcoming 3v3 streetball game for free. This experience allows everyone on console and PC to play together with some of ...
NBC News

Rep. Thomas Massie files paperwork to run in 2028, says he hasn’t made a ‘final decision’ about his political future

Fresh off last week’s primary loss, Rep. Thomas Massie, R-Ky., announced Monday he had filed paperwork for a 2028 run for the House — or something else. Subscribe to read this story ad-free Get ...
HME News

FTC settles with Express Scripts on agreement to change PBM practices

WASHINGTON – The Federal Trade Commission (FTC) has secured a landmark settlement with one of the nation’s largest pharmacy benefit managers (PBMs), Express Scripts, Inc., and its affiliated entities ...
The Hacker News

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to ...