Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Harvard Business Review

The Truth About Blockchain

It will take years to transform business, but the journey begins now. by Marco Iansiti and Karim R. Lakhani Contracts, transactions, and the records of them are among the defining structures in our ...
Harvard Business School

Putting the Service-Profit Chain to Work

Heskett, J. L., T. O. Jones, G. W. Loveman, W. Earl Sasser, and L. A. Schlesinger. "Putting the Service-Profit Chain to Work." Harvard Business Review 72, no. 2 ...