New MCP specification kills old risks but opens fresh attack surfaces, Akamai finds

A major overhaul of the Model Context Protocol due next month removes several longstanding protocol-level security risks but ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGenโ€™s open-source prototyping user interface) that allows untrusted web content rendered by a ...
note

[Part 12] Session Management Vulnerabilities and HTTP Security Headers: The Complete Series on Preventing Session Hijacking - Registered Information Security Specialist Exam ...

In the previous installment (Part 11), we covered XSS and CSRF. This time, we will explain session management vulnerabilities along with the "HTTP security headers" that prevent them. Session ...
LinkedIn

Issue 117: One-Click GitHub.dev Attack, OpenAI Codex Authentication Tokens Stolen & & Malicious Notifications Hijack Gemini

Security researchers have disclosed a one-click attack affecting GitHub.dev, GitHubโ€™s browser-based VS Code environment, which could allow attackers to steal a userโ€™s full GitHub OAuth token simply by ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AIโ€™s 144 JavaScript packages was executed in just 88 minutes by North Koreaโ€™s Sapphire Sleet hacking group, which ...
LinkedIn

Angular 22 Released with New Features and Improvements

๐—”๐—ป๐—ด๐˜‚๐—น๐—ฎ๐—ฟ ๐Ÿฎ๐Ÿฎ ๐—œ๐˜€ ๐—›๐—ฒ๐—ฟ๐—ฒ Angular 22 is out. It changes how you build apps. OnPush is the new default change detection. Use Eager if you want old behavior. The update tool handles this for you ...
GitHub

[Security] Unrestricted JavaScript evaluation via browser eval command #2736

Security Issue: Unrestricted JavaScript Evaluation via Browser Eval Command Description The browser eval command accepts and executes arbitrary JavaScript expressions from user input without any ...