Microsoft adds new skills — and more oversight — for Copilot in Excel

The new features, including connectors to third-party data sources, are aimed at making the AI assistant more useful for ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Windows Report

Microsoft Brings Custom Skills and Finance Data Connectors to Excel Copilot

Microsoft expands Excel Copilot with custom Skills, FactSet and Morningstar connectors, planning mode, and improved ...

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Dark Reading

Microsoft Issues Out-of-Band SharePoint Patch

Microsoft rolled out an out-of-band patch for a remote code execution vulnerability in SharePoint Server that any authenticated attacker can potentially exploit without requiring administrator or ...
Searchenginejournal.com

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API ...
USA Today

Read more than 3 million pages of Jeffrey Epstein files at new exhibit

A new pop-up exhibit in New York has all of the more than three million pages of investigative files on sex offender Jeffrey Epstein available to read in print. The Donald J. Trump and Jeffrey Epstein ...
Bleeping Computer

New GhostLock tool abuses Windows API to block file access

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on ...
The New York Times

Pentagon Releases Files on U.F.O.s

The initial files are murky images that show what could be anything. The government said more would be released on a rolling basis. By Helene Cooper Reporting from Washington The Pentagon released ...
TWCN Tech News

SharePoint not saving changes or edits

SharePoint refusing to save your edits can quickly derail an otherwise productive session. You make your changes, click Save, and either nothing happens, or the file quietly reverts to its previous ...