Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Google, Microsoft Back Draft AI Agent Discovery Spec

A coalition including Google, Microsoft, and GitHub published Agentic Resource Discovery, an open draft spec for how AI ...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...
Slator

Google Expands AI Live Speech Translation with Gemini 3.5 Live Translate

Google expands AI live speech translation with Gemini 3.5 Live Translate across Google Meet, Google Translate, and its API.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
GitHub

Google Maps JavaScript API Loader

Load the Google Maps JavaScript API script dynamically. This is an npm version of the Dynamic Library Import script. Sets the options for loading the Google Maps JavaScript API and installs the global ...
The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon ...