Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The Billion-Dollar Peptides Gold Rush

As black-market drugs go mainstream and legalization is within reach, entrepreneurs, investors and healthcare players are ...

A federal judge finds a Trump data system to verify voters is unlawful

Tens of millions of voters have had their data run through the Trump administration's revamped SAVE tool. A judge just found ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Vogue

The Key Summer 2026 Trends to Add to Your Wardrobe Now

For summer, designers toyed with the idea of hobby dressing. We saw bike helmets at Celine, aprons at Miu Miu, and board shorts at Dries Van Noten. A sense of proportion play also came through with ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...