A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a ...

Live visualization for GEPA prompt-optimization runs. Renders the candidate tree as a force-directed graph so you can watch prompts evolve over a pareto frontier in real time. Big nodes are candidates ...

👉 See GETTING_STARTED.md for setup instructions. 📖 See TOOLS_CATALOG.md for available Copilot tools. The getting started guide walks you through running the add-in locally using the tray app.