Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
PBS

Millions lose SNAP benefits as One Big Beautiful Bill's stricter requirements kick in

SNAP enrollment has fallen sharply nationwide since the passage of the One Big Beautiful Bill Act last summer. More than 3.5 million people have lost access to the food assistance, as states implement ...