WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
The Next Web

Google is about to disable uBlock Origin and every other Manifest V2 extension in Chrome

Chrome 150 will remove the last override keeping Manifest V2 extensions alive. uBlock Origin and other content blockers will stop working by late June.
GitHub

tantk/psychic-kungfu-master-mod

A MelonLoader-based cheat mod for 今古群侠传 (JinGu) by 金十四工作室, with an external Tauri-based UI in a separate window — wuxia-themed, with five user-switchable color themes.