The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
SMEChannels

CrowdStrike Report Warns AI Race Is Fueling a New Wave of Cyber Espionage Against Global Technology Firms

As artificial intelligence becomes the defining battleground of technological leadership, CrowdStrike’s 2026 Technology ...
Fox News

Trump locks in ICE funding through end of presidency after House passes $70B package

Republicans’ sweeping immigration enforcement and border security package cleared the House on Tuesday, ending a months-long standoff with Democrats over funding President Donald Trump's immigration ...

CrowdStrike 2026 Technology Threat Landscape Report: China Steals AI Capabilities It Can’t Build

CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus adversaries are escalating espionage against technology organizations to ...
Infosecurity-magazine.com

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws

As two of the leading frontier AI labs, OpenAI and Anthropic, expand access to their most advanced large language models (LLMs), Claude Mythos and GPT5.5, with evidence of their capabilities to ...
ZDNet

Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

Lightwell is a huge effort to safeguard open-source software. IBM and Red Hat are investing in this massive security initiative. We don't yet know how this subscription-based service will work. AI is ...
Fox News

UCLA quarterback attempts to exploit loophole in transfer portal window with unique tactic

While the federal government is doing everything in its power to bring stability to college athletics, football and basketball continue operating with virtually no oversight. For basketball, we have ...
CNBC

Mythos was the critical trigger for IBM's open-source cybersecurity push, Krishna says

IBM and Red Hat are investing $5 billion into a new cybersecurity push to address vulnerabilities in open-source software. CEO Arvind Krishna said the launch of Anthropic's Mythos was the "critical ...
Infosecurity-magazine.com

Attackers Move Past Typosquatting to Realistic Package Impersonation

Most malicious open source packages have moved beyond misspelling popular project names, instead disguising themselves as plausible plugins, configs and helpers that fit naturally into a developer's ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...