The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Circuit Digest

How to Build an IoT-Based Parking Space Detection System Using Raspberry Pi and CircuitDigest Cloud

Step 1: First, you need to make an account on the CircuitDigest Cloud. If you already have one, just go to the CircuitDigest ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

PDF Parser for AI-ready data. Automate PDF accessibility. Open-source.

🔍 PDF parser for AI data extraction — Extract Markdown, JSON (with bounding boxes), and HTML from any PDF. #1 in benchmarks (0.907 overall). Deterministic local mode + AI hybrid mode for complex ...
GitHub

Source Parser

This package contains tools for parsing source code into annotated json data structure: we extracted import statements, global assignments, top-level methods, classes, class methods and attributes, ...
theregister

Netflix wiz creates app to slash AI bills, then open sources it

As the COOs from both Uber and Microsoft recently learned, encouraging company engineers to use AI aggressively can lead to hefty usage bills, perhaps even offsetting all the gains from laying off ...