The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

keote Secures U.S. Utility Patent for Its Signature Keychain Tote Design

Designer and entrepreneur Rachael OBorsky has received U.S. Utility Patent No. 12,495,873 B2 for the signature keychain ...
CSO Online

Devs looking for OpenClaw get served a GhostClaw RAT

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.
Milwaukee Journal Sentinel

New Ships logo project gives Manitowoc students creative control

Manitowoc Public School District students are designing a new "Ships" logo for the district. The project provides students with real-world experience in branding and design. The theme for the new logo ...
WDW News Today

Disneyland Has a New Logo Mug & Keychain Available to Purchase

A simple new mug featuring the Disneyland “D” logo is available at Disneyland Resort, as well as a castle keychain. This stoneware mug has a matte white finish. The Disneyland “D” logo is debossed ...
InfoWorld

What makes JavaScript great

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s report celebrates the bounty, while also highlighting a recent example of ...
heise online

Popular JavaScript package is: Malware through supply chain attack

Maintainer Jordan Harband writes on Bluesky that attackers had taken over the account of another project manager. Versions 3.3.1 and 5.0.0 of the package are affected. Both versions were apparently ...
heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...