The Hacker News

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers warn Agentjacking can abuse Sentry errors to make AI coding agents run malicious code on developer machines.
Dark Reading

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

NanoClaw and JFrog launch 'immune system' to block AI agents from downloading malicious code

This ensures that all agent activity adheres to the company’s specific commercial licenses, internal security policies, ...
RYT9

Gartner Identifies Four Critical Threats Requiring Urgent Improvements from Cybersecurity Leaders

There are four critical and unpredictable threats where attackers hold a significant advantage to successfully exploit ...
Futurism on MSN

Microsoft’s Copilot AI Caught Letting Hackers Steal Your 2FA Codes Through a Single Click

Security researchers turned the chatbot into a "one-click data exfiltration weapon." The post Microsoft’s Copilot AI Caught ...
CSO Online

Security considerations for adopting Claude Code and Cowork for SMBs

If your SMB is adopting Claude, roll out features gradually and protect your API keys, because you cannot outsource your ...
TechJuice

LangChain Framework Hit With Critical CVEs

LangChain and LangGraph patch three vulnerabilities exposing files, secrets, and conversation histories used by 60M+ ...

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...

Critical Copilot Bug Exposed Emails, Files, And MFA Codes To Hackers

Microsoft's Copilot enterprise chatbot has been linked to a serious security flaw that risks exposing sensitive customer data ...