The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
CSO Online

M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger

Although not the first of its kind, researchers’ POC attack against Microsoft’s M365 Copilot Enterprise underscores parameter ...

Anthropic's Claude Code Artifacts update brings live, shared dashboards and interactive workspaces to enterprises

By turning the terminal into a live, collaborative canvas, Anthropic is proving that the most valuable output of an AI coding ...

FBI helps take down AI phishing ring

The FBI and Google disrupted Outsider Enterprise, a China-based phishing-as-a-service operation tied to 3.87 million stolen ...

A $1 Parking Offer On Worth Avenue Turned Into A $2,500 Fraud Alert, Police Say

A driver on Palm Beach’s Worth Avenue thought he was getting an all-day parking deal for $1.07. Police say the woman who ...
Macworld

Here’s why your Mac blocked that Terminal command you pasted

It appears only if you do not regularly use the Terminal and copied a command from email, chat, or another source. Two types ...

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

A newly discovered Microsoft Copilot vulnerability enables hackers to access your email and other data. Credit: Thomas Trutschel/Photothek via It seems no matter how many safeguards are put on AI ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...