The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
Opinion
Foreign AffairsOpinion

How to Counter Beijing’s Unauthorized “Distillation”

A new front has opened in the U.S.-China competition in artificial intelligence: open-weight, local AI models. Until recently, the most capable AI models were too big and too costly to run anywhere ...
Biometric Update

Secret Service tests mobile FRT app as federal biometric policing expands

Sentry is being tested by 25 Secret Service Uniformed Division officers in Washington, D.C. to determine whether the ...
Macworld

Marvel at over 250 fixes and improvements coming to your Apple devices this fall

Macworld reports that Apple’s fall updates will deliver 263 fixes and improvements across iOS, iPadOS, macOS, watchOS, and ...
Biometric Update

Heuristik targets healthcare biometrics with AI built for clinical conditions

Startup says its neural network can identify fingerprints in wet, blood-stained and clinical environments where traditional ...
Business Insider

ROC Achieves #1 Global Identification Accuracy in NIST FRIF Fingerprint Evaluation for National ID and Border Control Applications; Solidifies Mission-Critical Technical ...

First American company to achieve top-tier results across every NIST FRIF accuracy benchmark, including #1 global ranking in Class B slap fingerprints, a critical measure in high-scale civil and ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
TWCN Tech News

Fingerprint Reader not working in Windows 11

A Fingerprint Reader in Windows lets you log into your Windows laptop using your fingerprint. The feature provides biometric credentials to sign in to your account, eliminating the need to enter your ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...