Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...
InfoWorld

How fuzzy APIs are remaking the web

With the advent of AI-mediated APIs, the era of manually hard-coding every integration between every microservice may be ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Meet Fabrice Bellard: The French engineer whose code powers YouTube, Netflix and TikTok, yet he has spent 30 years quietly out of the spotlight

Most people can name the founders of Apple, Microsoft, Meta or Tesla. Fabrice Bellard remains largely unknown outside programming circles despite creating software that helps power much of the modern ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

AI is code – and can't be prompted into being smarter

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...