Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

You can minimize the degree to which your browser spies on you, but potential hackers can use your own SSD against you and ...

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft ...

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...