New MCP specification kills old risks but opens fresh attack surfaces, Akamai finds

A major overhaul of the Model Context Protocol due next month removes several longstanding protocol-level security risks but ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
LinkedIn

AutoJack: When Your AI Agent Becomes the Attacker's Delivery Vehicle

Crack 3 — server_params From the URL Is the Command Line (CWE-78) The MCP WebSocket endpoint accepted a server_params query parameter — base64-encoded JSON specifying which tool server to launch, ...
note

A Thorough Explanation of Perspectives in Web App & API Security Assessments

In recent years, with the promotion of DX and the separation of front-end and back-end (SPA/microservices), the number of web applications and APIs has increased explosively. At the same time, cyber ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security ...
SecurityWeek

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...