Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

Edge users beware — this malicious extension can break out of the sandbox and install ransomware

Researchers from Zscaler found a new malware campaign dubbed Edgecution.

The 5 highest-paying entry-level jobs in the UK right now — and how to get them

Time to update your CV?
Tech Times

Figma Config 2026: Code Layers Challenge Cursor as GPU Shaders Hit Paid Plans

Figma Config 2026 closed Thursday with Code Layers for GitHub-linked canvas editing, Figma Motion in open beta with CSS and ...

IT Press Tour: Zero servers, 200 petabytes a month - the ex-Akamai founders selling a cure for the next Cloudflare outage

The 68th edition of The IT Press Tour spent a week in Boston, and on 10 June it handed the floor to a company that owns no ...
eWeek

GPT-5.5 Instant Gets the Brainy Patch

OpenAI rolled out a major tune-up for GPT-5.5 Instant, the default model behind ChatGPT. The refresh makes the bot far better ...
CIO

DocLang aims to make documents readable by AI, not humans

Development of the AI-native DocLang document format raises questions about its impact on human workers, as well as on governance and accountability.
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Visual Studio Magazine

Using Local AI to Cut Copilot Usage-Based Billing Shock

After being gobsmacked by the new billing plan using almost all my monthly credits in one or two days, I tried pushing some Copilot-style coding work onto local models in VS Code. What I found was ...