Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
XDA Developers on MSN

I connected my Jellyfin server to my Obsidian vault, and it might be the most pointless thing I've ever done

It's cool in theory, but lacks any real practical application.
The Next Web

Google is about to disable uBlock Origin and every other Manifest V2 extension in Chrome

Chrome 150 will remove the last override keeping Manifest V2 extensions alive. uBlock Origin and other content blockers will stop working by late June.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

A-poc/RedTeam-Tools

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
GitHub

seanippolito/self-hosting-guide

Display and control your PC (Windows, macOS, and Linux) and Android devices. TinyPilot is a tool that enables KVM over IP letting you control any computer remotely. X2Go is open source remote desktop ...