Morning Overview on MSN

The fake-CAPTCHA trick spreading now asks you to paste a command that installs malware

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is tricking Windows users into running malicious commands on their own computers. The ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Omaha speaks up: Letters to the editor for the week of Jun. 12, 2026

Herald. Want your voice to be heard in The Pulse? Fill out this form, or shoot us an email at pulse@owh.com. Javascript is ...

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
theregister

This dev made a Llama with three inference engines

Developers looking to gain a better understanding of machine learning inference on local hardware can fire up a new llama engine. Software developer Leonardo Russo has released llama3pure, which ...
The Business Journals

Vornado buys Midtown Manhattan office building for $141M, plans demolition

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min Vornado Realty Trust is tearing ...
Reuters

China imports record amount of Mongolian coal in September

BEIJING, Oct 20 (Reuters) - China's imports of Mongolian coal reached a record monthly high in September, customs data showed on Monday, as Beijing's efforts to tackle overcapacity pushed up domestic ...
TechRadar

This new phishing kit turns PDF files into malware - here's how to stay safe

MatrixPDF phishing kit weaponizes PDFs using embedded JavaScript and redirect mechanisms It mimics legitimate tools, offering drag-and-drop import, content blur, and Gmail bypass features To stay safe ...
qz

How one programmer broke the internet by deleting a tiny piece of code

A man in Oakland, California, disrupted web development around the world last week by deleting 11 lines of code. The story of how 28-year-old Azer Koçulu briefly broke the internet shows how writing ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...