Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
GitHub

MCP Tools for Elementor

62 tools — free Elementor only 76 tools — free Elementor + Elementor 4.0 atomic elements 101 tools — with Elementor Pro 115 tools — with Elementor Pro + Elementor 4.0 120 tools — with Elementor Pro + ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...