Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Frontline Systems Launches RASON® Desktop: Brings Simulation, Optimization, Decision Intelligence Directly into Power BI

Business users can now determine the best course of action under real-world constraints and uncertainty, with input ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
techtimes

OpenAI Codex Automation Gains Record and Replay: Show It Once, Skip the Script

OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Runner's World

Runner’s World 2026 Shoe Awards

Shoe innovation is happening at levels and speeds we’ve never seen before. Today, your daily trainer is light enough and bouncy enough to pull double duty for racing. Seemingly every new version comes ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
MIT Technology Review

Anthropic’s Code with Claude showed off coding’s future—whether you like it or not

As tools like Claude Code get better, more and more developers are happy to hand off coding tasks to them. The way software gets built has changed for good. The vibes were strong at Code with Claude, ...
VentureBeat

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...

Oracle Announces New NetBeans IDE Release With Comprehensive Support for Java 8

Web and application developers are facing continuing pressure for efficiency and are seeking to adopt the latest standards and advancements in the Java language and platform. To address this need, ...