The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
CSO Online

Attackers abuse Google Ads, GitLab, and Claude to deliver malware

Researchers tracked a seven-week campaign that leveraged trusted platforms and AI-generated trust to trick users into ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Tom's Hardware on MSN

Hades malware campaign now tricks AI bots by injecting text about biological and nuclear weapons

This is probably the dictionary illustration for "deceptively simple." ...
MSN on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...