Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security Boulevard

Roll your own bot detection: fingerprinting/JavaScript (part 1)

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...
heise online

Major attack on node.js

A major attack on the supply chain for software packages for the widely used JavaScript runtime environment node.js was discovered on Monday. The attacker has injected obfuscated malicious code into ...
cyberdaily

18 popular JavaScript code packages hacked to spread malware

The maintainer for several highly popular npm debug and chalk packages has revealed he was recently the victim of a phishing attack, which led to the compromise of all 18 packages. “Yep, I’ve been ...
cybernews

Massive supply chain attack hits NPM as hackers target 18 packages downloaded 2B times weekly

What has been dubbed the largest supply chain attack in history has hit NPM, one of the most prolific JavaScript package managers. Early this morning (around 9:30 a.m. ET), security researchers ...
GitHub

A slice utility for Zustand

Zustand is a very minimal global state library. It's not designed with slice patterns. But as it's flexible and unopinionated, users invented some slice patterns. One of which is described in the ...
Fair Observer

Remittance Inflow in Bangladesh: From Record Highs to Future Challenges

In 2024–25, Bangladesh's remittances reached a record $30.04 billion, representing a 25.50% increase from the previous year, driven by government reforms and a shift from the informal hundi system to ...
Fair Observer

America Crosses Into Competitive Authoritarian Rule Under Trump

Harvard political scientists Steven Levitsky, Lucan Way and Daniel Ziblatt argue that the United States has transitioned into a competitive authoritarian regime under President Donald Trump. They ...
InfoWorld

File handling in server-side JavaScript

In server-side JavaScript, you will most likely use the fs library for dealing with the filesystem. This library is a module in Node and other platforms like Bun. So you don’t need to install it using ...