The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public ...
Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Cybersecurity group Zimperium discovered a new malware scam that silently used nearly 250 Android apps to impersonate popular games and social media sites.
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
A Chromium fork called CloakBrowser, released by New York-based CloakHQ in early 2026, has surpassed 9,200 GitHub stars this week after its latest update added a Windows x64 build and closed what ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results