The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
eWeek

Agentic AI Cheat Sheet: A Guide to AI Agents, Tools, and Risks

Agentic AI moves beyond chatbots into systems that plan, use tools, and act. Learn key terms, architectures, risks, ...
InfoQ

Grab Builds Secure Agentic AI Workload Platform

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until explicitly approved — closing a long-standing supply-chain vulnerability. Linux ...
Morning Overview on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web servers without ever logging in. The flaw, tracked as CVE-2026-3584, carries a ...
CSOonline

AI agent finds 18-year-old remote code execution flaw in Nginx

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...
AppleInsider

Update your older iPhone, iPad, or Mac now, to get new fixes for WebKit, Wi-Fi & kernel flaws

On Monday, Apple released critical security updates for iPads, Macs, and iPhones running older operating systems to fix serious flaws tied to WebKit, kernel access, Wi-Fi, and sandbox escapes.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
VentureBeat

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a ...
LinkedIn

Multiple Wireshark Flaws Allow Remote Code Execution via Malformed Packets

The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, patching more than 40 security vulnerabilities, including several critical flaws that could allow ...
thecyberexpress

Cisco Patches Critical ISE Vulnerabilities Allowing Remote Code Execution Attacks

Cisco has released security updates to fix multiple vulnerabilities in its Identity Services Engine and Webex Services, warning that successful exploitation could lead to remote code execution, ...
VentureBeat

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

Deploying AI agents for repository-scale tasks like bug detection, patch verification, and code review requires overcoming significant technical hurdles. One major bottleneck: the need to set up ...