Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
GitHub

A comprehensive, but not exhaustive, translation of upstream ReactJS 17.x into Lua.

React Lua is a comprehensive translation of upstream ReactJS from JavaScript into Lua, and is highly-turned for both performance and correctness. When possible, upstream flowtype and definitely-typed ...
GitHub

Pekora/Project X 5(LATEST 30 AUGUST 2025)

Please do not re-host this to the public. we know it is a source code that can start your own revival but re-hosting is unrecommended for reasons. This repository is only created for leak this shitty ...
The Hacker News

Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token ...
theregister

JavaScript dev deliberately screws up own popular npm packages to make a point of some sort

The npm packages, faker.js and colors.js, were not hijacked by outsiders, as has been known to happen; rather their creator added code to the software libraries that made them malfunction. Three days ...