Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Blink has a big speed advantage against WebKit in browser tests

WebKit has met its match, as the prototype Blink schools Apple's well-worn browser engine and hints at the future of web ...
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Microsoft finally admits its default Windows 11 25H2, 24H2 action broke key legacy component0 0

Microsoft has finally acknowledged that a default action in Windows 11 versions 25H2 and 24H2 disrupted a key legacy ...
Windows Report

Microsoft Confirms Long-Running Windows 11 JScript Compatibility Issue

Microsoft has acknowledged a long-running JScript9Legacy compatibility issue affecting some legacy apps on Windows 11 24H2 ...

Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads

Three minor vulnerabilities chained together can cause a lot of trouble but Microsoft fixed it on time.
The Tech Edvocate

How to enable JavaScript in browser

Spread the love“`html JavaScript is the backbone of modern web functionality. Without it, many websites would be nothing more than static pages with basic information. If you’ve ever encountered a ...