Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
AeroTime

Rocket Lab launches US Space Force satellite in record 16-hour call-up

Rocket Lab launched Victus Haze 16 hours and 42 minutes after call-up, setting a TacRS record before an on-orbit satellite ...

Notorious ‘sandwich attack’ bot Jaredfromsubway.eth exploited for $7.5M

Jaredfromsubway.eth, linked to most Ethereum sandwich attacks, lost $7.5 million after an attacker exploited its automated ...
Decrypt

Ethereum MEV Bot JaredFromSubway Threatens Legal Action After $7.5 Million Loss

Well-known trading bot JaredFromSubway took a hit this weekend after it fell victim to a series of transactions that left its ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

An 80-Year-Old Math Problem Has Just Been Solved. You Might Not Like How We Got the Answer.

ChatGPT's breakthrough is not what it seems.

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...

Guerrilla artists declare war on Trump with crocodile Hegseth, vampire Miller and ‘86 47’ projected on DC landmarks

The prank appears to be the work of anti-Trump street artists who posted an online montage of projections on landmarks across ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...