Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
GitHub

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

If your webOS version is equal to or greater than the version in the "patched since" column for your TV's model year, your TV is not vulnerable to RootMyTV. While these versions and newer are ...
GitHub

SHAdd0WTAka/Zen-Ai-Pentest

Zen-AI-Pentest is an autonomous, AI-driven penetration testing framework that combines cutting-edge large language models with 72+ professional security tools. Built for security professionals, bug ...