The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
ITWeb Africa

How attackers exploit malicious, vulnerable software libraries to launch stealth attacks

Companies must be capable of detecting malicious DLLs and vulnerabilities in software libraries to prevent early-stage ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
SecurityWeek

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Infosecurity Magazine

Critical SimpleHelp Vulnerability Exploited For Malware Delivery

A critical authentication bypass in SimpleHelp's remote monitoring and management (RMM) software has been exploited to ...

Mozilla Warns GitHub Repos Can Trick AI Tools Into Hacking Your PC

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.

SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...