The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...

Johns Hopkins lays off 110 employees

The institution froze hiring, paused pay increases and cut capital project spending last year to try to make up for federal ...
The Caledonian-Record

U.S. Advisors See Growth Outlook Holding Firm as AI and Generational Change Reshape the Business of Advice, says Natixis Investment Managers Survey

U.S. financial advisors report average AUM growth of 12.5% over the past year, but their path to future growth is being ...
The Caledonian-Record

Stagwell (STGW) and Microsoft Advertising Become First to Integrate Copilot Directly Into Live Media Campaigns

The integration of Microsoft MCP connects Copilot directly to live campaigns, moving AI from pilot to production ...

Helion advances work on generator building for Malaga fusion plant

Helion is working on the generator building for Orion, a fusion plant in Central Washington that will eventually provide ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Infosecurity Magazine

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The Next Web

Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor

Microsoft discovered a self-spreading USB worm active since February that monitors clipboards for crypto wallets and routes stolen data through Tor.
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...