The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads.
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
Ars Technica

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
Bleeping Computer

Cisco warns of critical Unified CM flaw with PoC exploit code

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. Cisco Unified CM (formerly known as ...
ZDNet

Red Hat hit by npm supply‑chain attack - here's how to stay safe

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
SecurityWeek

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

Known denial-of-service (DoS) techniques can be chained together in a new exploit that can knock major web servers offline, Calif security researchers warn. Dubbed HTTP/2 Bomb and discovered using ...
Fox News

Foreign enemies have a shockingly simple way to track US troops overseas, lawmakers warn

A bipartisan group of lawmakers is demanding answers from the Pentagon after U.S. Central Command disclosed it had received multiple threat reports indicating foreign adversaries were exploiting ...