Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
SecurityWeek

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

PixelSmash is a vulnerability in the FFmpeg framework that can be exploited via crafted media files for remote code execution ...
ITWeb Africa

How attackers exploit malicious, vulnerable software libraries to launch stealth attacks

Companies must be capable of detecting malicious DLLs and vulnerabilities in software libraries to prevent early-stage ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
dcnewsnow

No threat found after suspicious item reported in Foggy Bottom, police say

WASHINGTON (DC News Now) — No hazardous materials were located after a suspicious item was reported in Foggy Bottom on Thursday, according to the Metropolitan Police Department (MPD). Police received ...
SMEChannels

CrowdStrike Report Warns AI Race Is Fueling a New Wave of Cyber Espionage Against Global Technology Firms

As artificial intelligence becomes the defining battleground of technological leadership, CrowdStrike’s 2026 Technology ...
Hosted on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This breach not only compromised numerous popular JavaScript packages but also ...