Researchers found attackers using fake CAPTCHA pages. Users should never run PowerShell or Windows commands requested by ...

The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

予測市場サービスを展開するPolymarketが、ウェブサイトに悪意のあるJavaScriptが挿入されたことで一部の顧客が損失を被ったと発表しました。Polymarketは全額を補償するとしています。

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited ...

What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single ...

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...