Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
GitHub

Visual development environment for CSS.

CSS GUI is a visual toolkit for editing element styles on the web. It's theme-aware, performant, and can be composed into any React app. We want to improve creative coding and web development ...
Dark Reading

Exploits Turn Windows Defender Into Attacker Tool

Threat actors are using three publicly available proof-of-concept exploits to attack Microsoft Defender and turn the security platform's primary cleanup and protection functions against organizations ...
GitHub

JNDI-Injection-Exploit-Plus

We can replace "rmi://127.0.0.1:1099/Object" with the link generated by JNDI-Injection-Exploit-Plus to test vulnerability. What's more, you can also use JNDI-Injection-Exploit-Plus to generate ...
TechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm. On ...
theregister

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react. But the company's Opus ...
CSOonline

Another Microsoft Defender privilege escalation bug emerges days after patch

New PoC shows how Microsoft Defender can be tricked into rewriting malicious files into protected locations, enabling SYSTEM-level privilege escalation on fully patched Windows systems. Days after ...
Windows Report

RedSun Exploit Hits Microsoft Defender Zero-Day, Grants SYSTEM Access

A newly released proof-of-concept exploit called RedSun is raising serious concerns around Microsoft Defender security. The exploit allows attackers to gain full SYSTEM-level access even on fully ...
Bleeping Computer

New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

A researcher known as "Nightmare Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works ...
PC World

Unpatched Microsoft Defender flaw lets hackers gain admin access

PCWorld reports on the ‘RedSun’ vulnerability in Microsoft Defender affecting Windows 10, 11, and Server systems that allows attackers to gain administrative privileges. Security researcher Chaotic ...