Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Linux cryptographic code flaw offers fast route to root

The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn ...
Decrypt

DeepClaude Lets You Run Claude Code With DeepSeek's Brain for 17x Cheaper

DeepClaude swaps Claude Code's expensive Anthropic backend for DeepSeek V4 Pro, keeping the agent loop, slashing the bill.

Linux Copy Bug: Trivially Exploitable, Impacts Crypto Infrastructure

Trivially Exploitable, Impacts Crypto Infrastructure. Security researchers have highlighted a Linux vulnerability nicknamed Copy Fail that could impact a broad swath of open-source distributions ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Alibaba's Metis agent cuts redundant AI tool calls from 98% to 2% — and gets more accurate doing it

Alibaba's HDPO framework trains AI agents to skip unnecessary tool calls, cutting redundant invocations from 98% to 2% while ...
The Hacker News

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.
Dark Reading

Hackers Use AI for Exploit Development, Attack Automation

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate ...

Google intercepts a massive cyberattack powered by first-ever AI-generated zero-day exploit

Google claims to have thwarted a significant cyberattack by state-sponsored hackers using an AI-developed zero-day exploit.

BrowserAct Open-Sources Two AI-Agent Skills, Giving Agents the Power to Use the Real Web

Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today.

US CISA adds 'insane' Linux copy fail flaw to watch list

A newly discovered vulnerability could affect most open-source major Linux distributions released since 2017, according to ...