AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Stee...
20 articles
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Stee...
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S.
The U.S.
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often...
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools.
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitiv...
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on use...
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected sy...
The internet did not break this week. It got used exactly as designed, which is worse.
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign...
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime g...
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to concea...
If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it?...
An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types the...
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new fin...
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been as...
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until...
For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility.
Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack.
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins cap...