Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
SecurityWeek

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

DirtyClone, tracked as CVE-2026-43503, is a Linux kernel vulnerability that allows any local user to gain root privileges.

Stealthy Mistic backdoor linked to ransomware access broker KongTuke

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...
TWCN Tech News

Convert PowerShell script (PS1) file to EXE with IExpress on Windows 11

You can wrap an executable file around a PowerShell script (PS1) so that you can distribute the script as an .exe file rather than distributing a “raw” script file. This eliminates the need to explain ...

CleanFinder brings browser-based genome editing analysis to labs without coding

Genome editing lets scientists rewrite DNA, the instruction manual inside every living cell, with a precision that was unthinkable a generation ago. Technologies such as CRISPR have made this almost ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.