Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

Diagram Maker

Diagram Maker is a library to display an interactive editor for any graph-like data. Following is a screenshot from one of the consumers of this library, AWS IoT Events Console with Diagram Maker in ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
GitHub

LZ-based compression algorithm for JavaScript

The file layout has changed in version 2, this is now a joint commonjs / esmodule project so modern build tools should be happy with it, but if importing a file directly (such as in a direct ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have.
Fair Observer

The Indian Subcontinent’s Hindu-Muslim Divide

We rely on your support for our independence, diversity and quality. Fair Observer is a 501(c)(3) independent nonprofit. We are not owned by billionaires or controlled by advertisers. We publish ...
Hawar News Agency

Qamishlo responds to policies of cultural assimilation with linguistic diversity

Qamishlo responds to policies of cultural assimilation with linguistic diversity Qamishlo is witnessing a growing presence of linguistic diversity in markets and public spaces, where many shop and ...