Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Student Cheating Is Becoming Impossible to Detect in an A.I. Era

Big tech companies and small start-ups are using social media to hype new tools that allow students to trick teachers and A.I ...
CNBC

How to apply for Global Entry — and ways to get it for free

If you're tired of waiting in long lines after traveling abroad, you might want to apply for Global Entry — especially if your credit card reimburses you for the application fee. Issued by U.S.
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Nextgov

US counterintelligence agency looks to AI to accelerate background checks

A Defense Counterintelligence and Security Agency official says advanced AI can cut parts of the vetting process from months ...
techtimes

OpenAI Codex Automation Gains Record and Replay: Show It Once, Skip the Script

OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...

AI agents need more than reasoning: they need to actually use the web

A company rolls out an AI customer service assistant. The model behind it is current and capable enough for the job. The assistant goes live. Within a week, support tickets are getting worse, not ...
CNET

7 Fitness Apps You’ll Want to Try During Your Next Workout

I'm a Fitness & Nutrition writer for CNET who enjoys reviewing the latest fitness gadgets, testing out activewear and sneakers, as well as debunking wellness/fitness myths. In my free time I enjoy ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...