ITWeb Africa

How attackers exploit malicious, vulnerable software libraries to launch stealth attacks

Companies must be capable of detecting malicious DLLs and vulnerabilities in software libraries to prevent early-stage ...
Windows Report

OpenAI Expands Daybreak With GPT-5.5-Cyber and New Security Tools

OpenAI has unveiled a major expansion of its Daybreak cybersecurity initiative, introducing new AI-powered tools, ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
securitybrief

Chainguard launches scanner to block npm malware greyware

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug. A newly discovered and so far unpatched critical vulnerability in the open source Gogs ...
VentureBeat

Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
LinkedIn

Legitimate packages turned weapons, memory corruption you can't see, and trust as the exploit.

🎧 Episode 10: "Signed by Claude, Written by a Worm" covers this week's stories in depth. Subscribe: Apple Podcasts · Spotify · YouTube 📺 NEW — Context Window // Signal: One story, explained in depth ...
LinkedIn

⚡ Weekly Recap | AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

AutoFyn → It is an open-source tool from SignalPilot Labs that runs Claude AI in self-improving loops to optimize measurable goals. Give it a GitHub repo, a clear task (like security hardening, bug ...
Geopolitical

Distributed Risk: Open-Source Software as Strategic Infrastructure

While the SolarWinds attack in 2020 and the discovery of Log4Shell in 2021 heightened attention to the geopolitical implications of software supply-chain risk, it was the 2024 XZ incident that marked ...
Gulf News

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

In the wake of a critical supply chain attack targeting the widely used Axios JavaScript library, like leading analyst from NST Cyber pointed out, Many CXOs community chief information security ...