Bluekit phishing kit adopts browser-in-the-middle for login theft

The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

Apache Karaf

Apache Karaf is a modulith runtime, supporting several frameworks and programming model (REST/API, web, spring boot, ...). It provides turnkey features that you can directly leverage without effort, ...
GitHub

Civitai MCP Server

Turn your AI agent into a full Civitai participant. A Model Context Protocol server that gives AI agents first-class access to Civitai: browse models, images, and creators; post and publish work; ...