A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...
Chrome 150 ships June 30 and deletes the last Manifest V2 override flag from Chromium’s codebase, permanently ending dynamic ...
Authorities say Li Xiong was arrested in Cambodia and deported at the request of Chinese authorities. He is linked to an accused scam center kingpin who was ...
Overledger is a REST API that allows applications to connect to multiple distributed ledger technologies (DLTs) or blockchains through the use of a standardised interface. The Overledger SDK enables ...
A monthly overview of things you need to know as an architect or aspiring architect.
"I found MSW and was thrilled that not only could I still see the mocked responses in my DevTools, but that the mocks didn't have to be written in a Service Worker and could instead live alongside the ...
A researcher has found a way to trick Claude into uploading private data to an attacker's account using indirect prompt injection. Anthropic says it has already documented the risk, and its foolproof ...
This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...
With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. Hackers stole thousands of ...
Maintainer Jordan Harband writes on Bluesky that attackers had taken over the account of another project manager. Versions 3.3.1 and 5.0.0 of the package are affected. Both versions were apparently ...
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics ...