The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
CSO Online

M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger

Although not the first of its kind, researchers’ POC attack against Microsoft’s M365 Copilot Enterprise underscores parameter ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

With Just 1 Click, Researchers Figured Out How to Hijack Microsoft Copilot to Steal Your Data

A recent Microsoft Copilot exploit demonstrates how AI can make existing cybersecurity bugs even more virulent.
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Hackers turn Microsoft 365 Copilot into a one-click data theft tool

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.