The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
GitHub

nuvanahq/tb-daily-csfa-report

Automated daily reporting system for Tintas Berger CSFA (Customer Sales Force Automation) data. Fetches sales visits, orders, and product details, generates Excel reports, and sends them via email.