Infosecurity Magazine

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and improving software security.
GitHub

Open Source Marketplace Platform

Mercur is the first truly limitless open source marketplace platform that combines the simplicity of SaaS with the freedom of open source. Built on MedusaJS, it empowers businesses to create custom ...
GitHub

Date parsing extensions for the JavaScript JSON parser to provide real JavaScript dates from JSON.parse()

This small JavaScript library provides for automatically parsing JSON date strings to real JavaScript dates as part of regular JSON parsing. You can parse either individual date values or complex ...