The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
note

Updated Hybrid-Sensitivity-Weighted-Quantization v1.21 - SDXL Benchmark: Transformers 5.6+ CLIP Compatibility Fix

Running the SDXL FP8 benchmark after pip install -U transformers failed during pipeline construction, before any image generation or SSIM/MSE measurement. The failure occurs inside diffusers while ...