The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
LinkedIn

n8n, MCP and AI agents: when to use a workflow, when to use an agent, and how to build your own MCP proxy

There are two ways to make software talk to other software in 2026, and most teams pick the wrong one for the job. The first is a deterministic workflow: you draw the steps, the tool runs them the ...
GitHub

The generative UI framework that even humans can use.

Prefab is a UI framework for building rich, interactive interfaces in Python. Create MCP Apps, data dashboards, interactive tools, and more with 100+ prebuilt components. A bundled React renderer ...
GitHub

Dynamics 365 Finance & Operations MCP Server

Production-ready Model Context Protocol (MCP) server that exposes the full capabilities of Microsoft Dynamics 365 Finance & Operations (D365 F&O) to AI assistants and other MCP-compatible tools. This ...
LinkedIn

Why We Need MCP Servers (and How to Use Them)

USB Analogy Think of your LLM as a computer and each data source as a gadget with a weird plug. MCP is the USB hub: every gadget talks USB, so the computer only needs one port to access them all. The ...