Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
GMA Network

DICT probing into reported hacking of House website

Make this your preferred source to get more updates from this publisher on Google. The Department of Information and Communications Technology (DICT) is investigating the reported hacking of the House ...
CBS News

Iran-linked group claims hack of FBI drones, threatens World Cup, monitor says

An Iran-linked hacker group claims to have breached FBI drones and has threatened to target the World Cup that kicked off on Thursday, a monitoring group said Friday. The SITE Intelligence Group, an ...
Hosted on MSN

BeamMP hack reported as Discord compromised, website taken offline

The popular BeamNG.drive multiplayer mod BeamMP has been hit by a major security breach, with its Discord server compromised and core services temporarily taken offline. BeamNG.Drive is quite popular ...
scmp.com

Hacking of Philippine Senate’s website spotlights widening political crisis

The Philippine Senate’s political crisis has spilled into cyberspace after its official website went offline on Thursday following its defacement with a warning accusing lawmakers of betraying public ...
Philippine Daily Inquirer

Gatchalian: Website hacking not isolated, part of threat vs Senate

MANILA, Philippines — The cyberattack, specifically the defacing of the Senate’s website, is part of a series of “escalating threats” against the institution according to Senate President Pro Tempore ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
The Verge

Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot

Meta blames a bug on an exploit that allowed hackers to ask its AI support bot to link a victim’s account with their own email. Meta blames a bug on an exploit that allowed hackers to ask its AI ...
The Verge

Meta says NSO is still trying to hack WhatsApp users.

Despite last year’s $167 million verdict against NSO Group for its Pegasus software hacking some 1,400 WhatsApp users, Meta says it has detected new spear phishing attacks on its platform from the ...