Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Reuters

Microsoft to release new coding model next week, the Information reports

May 28 (Reuters) - Microsoft (MSFT.O), opens new tab will unveil a suite of new homegrown AI models next week at its annual "Build" conference for developers in San Francisco, including a coding model ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...