The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
The Next Web

Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor

Microsoft discovered a self-spreading USB worm active since February that monitors clipboards for crypto wallets and routes stolen data through Tor.
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

AI is code – and can't be prompted into being smarter

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...
Visual Studio Magazine

Using Local AI to Cut Copilot Usage-Based Billing Shock

After being gobsmacked by the new billing plan using almost all my monthly credits in one or two days, I tried pushing some Copilot-style coding work onto local models in VS Code. What I found was ...

Microsoft Warns Of USB-Based“Crypto Clipper” Malware Spread

Based“Crypto Clipper” Malware Spread. Microsoft Threat Intelligence has issued a warning to Windows users about a ...

AI agents need more than reasoning: they need to actually use the web

A company rolls out an AI customer service assistant. The model behind it is current and capable enough for the job. The assistant goes live. Within a week, support tickets are getting worse, not ...
Goodwood

OLO: the Sheffield startup teaching everyone to speak robot

Sheffield startup OLO Robotics has built a way to program robots from a web browser, no PhD or coding experience required.
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...