Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

124 Million Unique Passwords Exposed In New Infostealer Log Dataset

A new collection of 124 million unique passwords from hundreds of millions of malware stealer log records has been confirmed ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
MacRumors

Apple Passwords Can Now Automatically Fix Weak and Compromised Passwords With Agentic AI

Apple today announced that the Passwords app can now automatically update weak and compromised passwords using Apple Intelligence and Safari to take action on a user's behalf. The feature builds on ...
TechCrunch

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...
Bleeping Computer

New Apple feature automatically changes your compromised passwords

At WWDC 2026, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. Right now, Safari and the built-in Apple Passwords app can automatically ...
The Hacker News

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange ...
The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub ...
Engadget

Dashlane says hackers stole password vaults via a 'brute force attack'

Dashlane, the maker of a password manager of the same name, has shared that several users' password vaults were exposed as part of a "brute force attack." The hackers were able to download copies of ...
TechCrunch

Password manager Dashlane says hackers stole some customers’ password vaults

Password manager maker Dashlane says hackers have obtained at least a dozen encrypted vaults used for storing customer passwords during a weekend cyberattack. The company said on its website that ...
New York Post

FBI sounds alarm on phishing tool that steals Microsoft 365 accounts without passwords

The FBI is warning that a new hacking platform is allowing cybercriminals to hijack Microsoft 365 accounts — including Outlook, Teams and OneDrive — while bypassing multi-factor authentication ...