The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CivicScience

The 2026 Publisher Subscription Landscape: Who’s Actually Paying for Content?

CivicScience engages directly with consumers, collecting over one million survey responses daily, to turn real-time insights ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
MIT Technology Review

Just pull a string to turn these tile patterns into useful 3D structures

Inspired by the Japanese art of kirigami, an MIT team has designed a technique that could transform flat panels into medical devices, habitats, and other objects without the use of tools.

How a 20‑Year‑Old From New Jersey Became the Unhinged Prophet of the Looksmaxxing Movement

Looksmaxxing, jestermaxxing, mogged. A bizarre corner of the internet has breached containment.
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
PCMag

Microsoft Pulls the Plug on Publisher This Fall. 8 Alternatives You Should Try Now

Microsoft is getting rid of Publisher later this year, so now's the time to find a replacement. I detail your best options, from novice-friendly creative apps to professional-level design suites.