The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in update mechanisms.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Cybernews

Who owns your Chrome extension? Researchers warn side projects are being turned into malware

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...

Starmer was warned of 'reputational risk' over Mandelson's links with Epstein, files show

Newly released documents on Mandelson's appointment as US ambassador also say he asked for £547,000 when sacked - he received ...
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key features include native CSS module support, universal compilation for various ...
CNET

Best Stores for Buying MP3 and Digital Music You Can Keep Forever

TV and home video editor Ty Pendlebury joined CNET Australia in 2006, and moved to New York City to be a part of CNET in 2011. He tests, reviews and writes about the latest TVs and audio equipment.