CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

Figma adds code layers, support for animations, more AI features in new update

Figma's update adds a new code layer, support for motion and shaders, and the ability to create custom plugins for various ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

Read this before you vibe-code another app

Your dream vibe-coded app might be a security nightmare.
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
The Hacker News

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers warn Agentjacking can abuse Sentry errors to make AI coding agents run malicious code on developer machines.

Web Development Fundamentals Modern Teams Still Need

Foundational web development practices still shape how websites and web applications perform, protect users and hold up when ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.