The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.
The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
GitHub

aws-samples/aws-sdk-prom-metrics

The AWS control plane contains a rich set of information that can be operationally very useful! Have you ever found yourself wishing you had the output of an AWS SDK Command to enrich your dashboards ...