The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
SecurityWeek

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

A plugin engine for running LLSE plugins on LeviLamina

To access plugin development API hints and scaffolding toolkits, visit the legacy-script-engine-api repository. Put LLSE plugins directly in plugins/ Run the server, then the plugins will be migrated ...
GitHub

Roblox Auto Player Piano Script

This is a Roblox auto player script designed specifically for playing the piano in Roblox. It allows for the automated playback of songs, simulating precise key presses based on predefined sequences.
IEEE

Identification of Key Nodes in Complex Networks Based on Network Representation Learning

Abstract: Recently, some research has utilized machine learning methods to identify critical nodes in complex networks. However, existing approaches often lack a comprehensive consideration of network ...