Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

PixelRAG beats text parsers on accuracy and cuts AI agent token costs 10x

UC Berkeley's PixelRAG renders pages as screenshots instead of parsing text, boosting RAG accuracy by up to 18.1% and cutting ...