The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
SMEChannels

CrowdStrike Report Warns AI Race Is Fueling a New Wave of Cyber Espionage Against Global ...

As artificial intelligence becomes the defining battleground of technological leadership, CrowdStrike’s 2026 Technology ...
GitHub

High CVE-2024-4761 Exploit

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds ...

CrowdStrike 2026 Technology Threat Landscape Report: China Steals AI Capabilities It Can ...

CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug. A newly discovered and so far unpatched critical vulnerability in the open source Gogs ...