Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
The Next Web

Google is about to disable uBlock Origin and every other Manifest V2 extension in Chrome

Chrome 150 will remove the last override keeping Manifest V2 extensions alive. uBlock Origin and other content blockers will stop working by late June.
GitHub

tantk/psychic-kungfu-master-mod

A MelonLoader-based cheat mod for 今古群侠传 (JinGu) by 金十四工作室, with an external Tauri-based UI in a separate window — wuxia-themed, with five user-switchable color themes.