Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Google, Microsoft Back Draft AI Agent Discovery Spec

A coalition including Google, Microsoft, and GitHub published Agentic Resource Discovery, an open draft spec for how AI ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...
Slator

Google Expands AI Live Speech Translation with Gemini 3.5 Live Translate

Google expands AI live speech translation with Gemini 3.5 Live Translate across Google Meet, Google Translate, and its API.

Google Bug Hunter Claims $500K From AI-Assisted Vulnerability Pipeline

A researcher claims an AI-assisted pipeline helped earn $500,000 in Google bug bounty payouts, raising API security and ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
GitHub

Google Maps JavaScript API Loader

Load the Google Maps JavaScript API script dynamically. This is an npm version of the Dynamic Library Import script. Sets the options for loading the Google Maps JavaScript API and installs the global ...