The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
techtimes

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

GitHub's npm package manager will ship its most significant security redesign in years this July, when npm v12 makes three long-automatic install behaviors require ...
Infosecurity-magazine.com

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws

As two of the leading frontier AI labs, OpenAI and Anthropic, expand access to their most advanced large language models (LLMs), Claude Mythos and GPT5.5, with evidence of their capabilities to ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
ZDNet

Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

Lightwell is a huge effort to safeguard open-source software. IBM and Red Hat are investing in this massive security initiative. We don't yet know how this subscription-based service will work. AI is ...
Hosted on MSN

Hackers exploit Microsoft open-source software to steal AI developers' passwords

Microsoft has temporarily taken down dozens of its open-source projects from GitHub after discovering a security incident that may have exposed users to password-stealing malware. The move comes after ...
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
Engadget

The European Union reveals details of its tech sovereignty package

The European Commission has announced a new European Technological Sovereignty Package, designed to further reduce its reliance on foreign tech. The EU wants to focus on building out Europe's capacity ...
CoinTelegraph

Humanity says compromised laptop led to $36M bridge attack

Humanity Protocol's Terence Kwok said some multisig keys may have been accidentally backed up to a compromised device during setup. Humanity Protocol said an employee's laptop compromise allowed ...
Bleeping Computer

CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. Serv-U ...