Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
WeLiveSecurity

FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced ...
TheServerSide

Tomcat vs. Apache HTTP Server: What's the difference?

What's the difference between Tomcat and Apache? It's a question developers hear frequently. But, when worded that way, it contains some misleading assumptions. Normally, when people ask this question ...
techtimes

AI vs AI Cybersecurity: Sysdig Documents First LLM-Agent Intrusion in the Wild

Security professionals have spent two decades defending against human attackers who use automation as a force multiplier. That model is obsolete. The adversary now fielding against every ...
theregister

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its ...
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.
CSOonline

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...
Forbes

Rust: The Unlikely Engine Of The Vibe Coding Era

In 2025, something unexpected happened. The programming language most notorious for its difficulty became the go-to choice for the laziest form of programming imaginable. For a decade, Rust was for ...
Dark Reading

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

OpenClaw, the open source agentic AI assistant available from GitHub, continues to attract a growing following. Like many tech-savvy workers, Dane Sherrets, a staff innovation architect at HackerOne, ...
VentureBeat

MCP shipped without authentication. Clawdbot shows why that's a problem.

Model Context Protocol has a security problem that won't go away. When VentureBeat first reported on MCP's vulnerabilities last October, the data was already alarming. Pynt's research showed that ...