Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a ...
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
dcnewsnow

No threat found after suspicious item reported in Foggy Bottom, police say

WASHINGTON (DC News Now) — No hazardous materials were located after a suspicious item was reported in Foggy Bottom on Thursday, according to the Metropolitan Police Department (MPD). Police received ...
SMEChannels

CrowdStrike Report Warns AI Race Is Fueling a New Wave of Cyber Espionage Against Global Technology Firms

As artificial intelligence becomes the defining battleground of technological leadership, CrowdStrike’s 2026 Technology Threat Landscape Report reveals that nation-state adversaries and cybercriminals ...
Hosted on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This breach not only compromised numerous popular JavaScript packages but also ...
Dark Reading

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...