Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.
InfoQ

Grab Builds Secure Agentic AI Workload Platform

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until explicitly approved — closing a long-standing supply-chain vulnerability. Linux ...
Tech Times

AWS Summit New York 2026: Kiro Brings Aerospace Spec Standards to AI Coding

AWS Summit New York 2026 unveiled Kiro, AgentCore, and Amazon Quick as a coordinated agentic AI stack. Kiro uses ...
Hosted on MSN

An autonomous bot running on Claude Opus just chained zero-days through GitHub Actions in the wild — poisoning Go init functions and branch names to seize remote code execution

An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, exploiting Go init functions and crafted branch names to achieve remote ...
Latest Hacking News

What Is a Buffer Overflow? The Bug That Keeps Driving Critical CVEs

A buffer overflow happens when a program writes more data into a memory buffer than the buffer can hold. The extra bytes land in adjacent memory, corrupting whatever was there. If an attacker controls ...
WeLiveSecurity

ESET takes part in Operation Endgame to disrupt Amadey and Stealc

ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, ...