Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
InfoWorld

How fuzzy APIs are remaking the web

With the advent of AI-mediated APIs, the era of manually hard-coding every integration between every microservice may be ...
AOL

Motorola Was Caught Injecting Shady Tracking Code Within The Amazon App

A pink Motorola Razr Fold smartphone sits folded in half with a map of the world behind it - Gabo_Arts/Shutterstock Malicious actors are everywhere on the internet, though you typically don't expect ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
VentureBeat

Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat

Microsoft last week took Agent 365, its management platform for AI agents, out of preview and into general availability — a move that signals the software giant believes the governance challenge ...
Bleeping Computer

Popular WordPress redirect plugin hid dormant backdoor for years

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. The malware was ...
Dark Reading

Serial-to-IP Devices Hide Thousands of Old & New Bugs

Researchers have identified 20 new vulnerabilities in popular models of serial-to-IP converters — devices that sit at the heart of modern industrial networks. Even more worryingly, the same ...
blockchain

Bilevel Autoresearch Breakthrough: Outer Loop Rewrites Inner Search Code Live, Delivers 5x Gain

According to God of Prompt on X, two independent researchers built a bilevel autoresearch system where an outer loop reads the inner loop’s source code, diagnoses bottlenecks via structured analysis, ...
HotHardware

VoidStealer Malware Slips Past Chrome's Defenses And Rips Credentials At Scale

It’s a never-ending game of cat and mouse between attackers and software makers, with the latest salvo being fired against one of Google Chrome’s key security features. Security researchers at Gen ...
WeLiveSecurity

EDR killers explained: Beyond the drivers

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only ...
Business Insider

Amazon orders 90-day reset after code mishaps cause millions of lost orders

Amazon is beefing up internal guardrails after recent outages hit the company's e-commerce operation, including one disruption tied to its AI coding assistant Q. Dave Treadwell, Amazon's SVP of ...
AppleInsider

iPhone camera & microphone dot can be suppressed if you're already hacked

Apple's camera and microphone indicators are supposed to tell iPhone users when the microphone or camera are on, but after a device is fully compromised with kernel-level access by another hack, ...