Morning Overview on MSN

The fake-CAPTCHA trick spreading now asks you to paste a command that installs malware

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is tricking Windows users into running malicious commands on their own computers. The ...

AI is code – and can't be prompted into being smarter

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
Crypto Briefing

Microsoft fixes severe VS Code vulnerability enabling GitHub token theft

Security researcher Ammar Askar disclosed a critical vulnerability in Visual Studio Code on June 2, 2026, revealing that attackers could steal GitHub OAuth tokens through a deceptively simple ...
Tech.co

Best Free Vibe Coding Tools: Build Apps for Free

Base44 has the best free vibe coding plan for beginners in 2026 because it can generate fully functional apps, including analytics and databases, from a single prompt. The platform’s free plan ...
decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Add Decrypt as your preferred source to see more of our stories on Google. Anthropic accidentally exposed 512,000 lines of Claude Code via a source map leak. DMCA takedowns failed as mirrors and clean ...
CSOonline

AI browsers can be tricked with malicious prompts hidden in URL fragments

Researchers discovered that adding instructions for AI-powered browser assistants after the hash (#) symbol inside URLs can influence their behavior to leak sensitive data and direct users to phishing ...
The Hacker News

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence ...
GitHub

StatiCrypt - password protect a static HTML page

Safely encrypt and password protect the content of your public static HTML file, to be decrypted in-browser without any back-end - to serve it over static hosting like Netlify, GitHub pages, etc. (see ...
cybernews

Critical flaw plagues Lenovo AI chatbot: attackers can run malicious code and steal cookies

Lenovo’s AI chatbot Lena was affected by critical XSS vulnerabilities, which enabled attackers to inject malicious code and steal session cookies with a single prompt. The flaws could potentially lead ...
The Hacker News

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject ...
CSOonline

Prompt injection flaws in GitLab Duo highlights risks in AI assistants

Researchers managed to trick GitLab’s AI-powered coding assistant to display malicious content to users and leak private source code by injecting hidden prompts in code comments, commit messages and ...