Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

He made your free video player run smoothly. Now he’s doing that for robots.

French serial entrepreneur and open-source legend Jean-Baptiste Kempf has been building Kyber, an infrastructure layer to ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
autoevolution

Slidabox Is the Lightest, Smartest Travel Trailer You Can Tow With Any Car. Cheap, Too

The latest from WoodenWidget is a light, compact box that sleeps two, comes with a kitchen and storage, extra privacy, and ...
Cfr.org

What Are Iran’s Nuclear and Missile Capabilities?

Iran’s nuclear program and missile arsenal have garnered increased international scrutiny. A joint U.S.-Israeli military campaign launched in early 2026 seeks to destroy Iran’s nuclear and missile ...
The Hacker News

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code.