A major overhaul of the Model Context Protocol due next month removes several longstanding protocol-level security risks but ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Crack 3 — server_params From the URL Is the Command Line (CWE-78) The MCP WebSocket endpoint accepted a server_params query parameter — base64-encoded JSON specifying which tool server to launch, ...
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...
Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
- Use the Browser Tool only for complex JavaScript pages or login walls. Using the Browser Tool for simple lookups adds 3 to 8 seconds of latency.
- Check your IAM permissions. Ensure you have the ...
POCs, EXPs, scripts, privilege-escalation code, small tools and similar material related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell ...