The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
GitHub

joypciu/sports_data_real_time_fetch

A sports data pipeline that pulls live and historical game data from ESPN's public API, enriches it with secondary sources, and loads it into a queryable DuckDB database — with a unified process ...