Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Microsoft 365 Blog

Navigate blog by Navigate blog by: ...
Security Boulevard

ClickFix Campaign Generated Via AI Delivers SmartRAT

IntroductionIn March 2026, Zscaler ThreatLabz observed multiple instances of typosquatting domains hosting malicious content generated with AI-powered website creation tools. Threat actors are ...
GitHub

CEO-Bench: Can Agents Play the Long Game?

CEO-Bench: Can Agents Play the Long Game? . Contribute to zlab-princeton/ceobench-src development by creating an account on GitHub.
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...