OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...

Add Decrypt as your preferred source to see more of our stories on Google. Bumblebee is a free, open-source tool that checks developer computers for compromised software, browser extensions, and AI ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...

On May 11, 2026, a self-propagating supply chain worm dubbed Mini Shai-Hulud (CVE-2026-45321, GHSA-g7cv-rxg3-hmpx) compromised the npm ecosystem. Attributed to TeamPCP (aka DeadCatx3, PCPcat, ...

OpenAI has said it found no evidence that user data was accessed following a security issue linked to a supply-chain attack involving the open-source TanStack npm library. The company said in a ...

On May 11, 2026, at 19:20 UTC, something happened in the npm ecosystem that the security industry has been warning about for years. And almost nobody was prepared for. In six minutes, 84 malicious ...

The post Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave appeared first on Mend. This is a continuation of the original Shai-Hulud campaign that first targeted SAP CAP ...