Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
VentureBeat

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Web infrastructure giant Cloudflare is seeking to transform the way enterprises deploy AI agents with the open beta release of Dynamic Workers, a new lightweight, isolate-based sandboxing system that ...

Node.js 24.18.0(LTS)リリース、暗号やHTTP機能などの機能強化

Node.jsプロジェクトは6月23日(現地時間)、LTSバージョンのNode.js 24.18.0「Krypton」をリリースした。 主な変更点として、cryptoモジュールでルート証明書がNSS 3.123.1へ更新されたほか、TurboSHAKEとKangarooTwelveといった新しいWeb ...