WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
The Next Web

Google is about to disable uBlock Origin and every other Manifest V2 extension in Chrome

Chrome 150 will remove the last override keeping Manifest V2 extensions alive. uBlock Origin and other content blockers will stop working by late June.
GitHub

tantk/psychic-kungfu-master-mod

A MelonLoader-based cheat mod for 今古群侠传 (JinGu) by 金十四工作室, with an external Tauri-based UI in a separate window — wuxia-themed, with five user-switchable color themes.