Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
The White House

JFK Files

“A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.” – John F. Kennedy On November 22, 1963, crowds of excited people ...
GitHub

Master Thesis Evaluation Dashboard

A Streamlit dashboard that allows UGent promotors and supervisors to view jury evaluations for their master thesis students. Data is collected via Qualtrics and stored in an AWS S3 bucket.
GitHub

The AI Browser Automation Framework

Stagehand is a browser automation framework used to control web browsers with natural language and code. By combining the power of AI with the precision of code, Stagehand makes web automation ...