Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
LinkedIn

Silent Failures in Agent Tooling

It wrote a JavaScript that spun up a fleet of agents and pointed them at the work. 12.5 minutes later: → 113 agents read 100 synthetic customer interviews → 1.95M tokens spent reading → 622 raw ...