A sophisticated supply chain attack on the npm package ‘rand-user-agent’ was discovered on May 5, 2025, inserting a Remote Access Trojan (RAT) named “RATatouille.” It affects around 45,000 weekly downloads, compromising user systems by establishing covert communication with malicious servers. Users of versions post-October 2024 are urged to check for indicators of compromise and unauthorized changes.
Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs
Meta has confirmed it will permanently remove end-to-end encryption (E2EE) support from Instagram direct messages, with the feature officially shutting down after May 8, 2026.
