GitHub

A lightweight, type-safe Dependency Injection (DI) library for JavaScript and TypeScript projects.

Needle DI is a lightweight, TypeScript-first library for dependency injection (DI). It is designed to be both easy to use and highly efficient. Permission is hereby granted, free of charge, to any ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
Decrypt

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...
GitHub

Jellyfin Plugin - JavaScript Injector

Multiple Scripts: Add as many custom JavaScript snippets as you want. Organized UI: Each script is managed in its own collapsible section, keeping your configuration clean and easy to navigate. Enable ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Daily

NMC issues advisory to medical colleges on mandatory implementation of safe injection practices

New Delhi: To prevent the transmission of blood-borne infections, including HIV, HBV and HCV, the National Medical Commission (NMC) has issued an advisory directing all medical colleges to strictly ...
The Guardian

Cancer jab can eradicate entire tumours in patients, trial shows

Jab brought ‘unprecedentedly strong responses’ in patients whose disease had become resistant to chemotherapy and immunotherapy Doctors have hailed “unprecedented” trial results that show a ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
9to5google

Motorola phones have started hijacking the Amazon app to insert affiliate codes [Video]

A truly bizarre situation on Motorola phones has led to the software hijacking the Amazon app to inject an affiliate code – even on the $1,900 Razr Fold. Our original coverage follows below. The shady ...