New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Hackaday

This Week In Security: Plenty Of Patches, Replacing Old Gear, And Phrack Calls For Papers

When Friday the Thirteenth and Patch Tuesday happen on the same week, we’re surely in for a good time. Anyone who maintains any sort of Microsoft ecosystem knows by now to brace for impact ...
PCQuest on MSN

Hidden text in PDFs may be fooling AI paper reviewers

What if a weak research paper did not need better ideas, better data, or better science: just a hidden line of text to fool an AI reviewer? That is the unsettling question behind a new ...