The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

New WhatsApp phishing campaign allows for remote access from a single business document

WhatsApp users are getting shady documents from their contacts, leading to an infection.
Redmondmag.com

PowerShell Trusted Hosts for Mixed Environments

Trusted host lists can help keep PowerShell remoting working in mixed domain and workgroup environments, but only if admins avoid overwriting existing WinRM settings.