Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
InfoQ

Designing Continuous Authorization for Sensitive Cloud Systems

Most cloud systems make one authorization decision at login. Everything after runs on trust established at authentication ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
GitHub

CHANGELOG.md

Added support for listing deleted root blobs with versions to BlobContainerClient.GetBlobs() and .GetBlobsByHierarchy() Added support for OAuth copy sources for synchronous copy operations. Added ...
GitHub

Sign-in a user with the Microsoft Identity Platform and call an ASP.NET web API that calls a downstream Web API with Conditional Access

This sample demonstrates a .NET web App and native client calling a .NET web API that is secured using Azure AD. Further on the API will also call a downstream API on-behalf of the signed-in user. The ...