4+ day, 16+ hour ago  (326+ words) A critical exploit chain dubbed Auto Jack that allows a single malicious web page to hijack Microsoft's Auto Gen Studio browsing agent and execute arbitrary code on the host machine without any user interaction beyond submitting a URL. Auto Jack…...

5+ day, 6+ hour ago  (1633+ words) On paper, each project may look manageable. In practice, the portfolio can become fragile very quickly." A delayed IAM dependency can slow down the rollout of privileged access controls. A cloud remediation stream can miss an audit commitment because the…...

5+ day, 7+ hour ago  (766+ words) A newly discovered supply chain attack has put thousands of e-commerce websites at risk after a popular third-party reviews widget was quietly turned into a malware delivery tool. Threat actors behind the Smart Ape SG campaign injected malicious Java Script…...

5+ day, 11+ hour ago  (733+ words) A newly discovered cryptocurrency clipper malware has been quietly stealing digital assets from victims since February 2026, spreading through a trick that most users would never suspect: weaponized Windows shortcut files on USB drives. The malware is not just a simple…...

6+ day, 4+ hour ago  (654+ words) Hackers have found a new way to get AI tools to do their dirty work without paying for it. Instead of using their own resources, attackers are hijacking exposed AI model servers and plugging them into automated hacking pipelines. The…...

6+ day, 4+ hour ago  (453+ words) Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude. ai's shared chat feature to host malicious Click Fix instructions. The operation marks a significant evolution in Click Fix tactics, shifting…...

6+ day, 4+ hour ago  (559+ words) Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025s newly introduced AI capabilities are now raising serious security concerns. Specter Ops researchers have demonstrated that these built-in features can be leveraged for stealthy data…...

1+ week, 12+ hour ago  (611+ words) Hackers are increasingly abusing Anthropic's Claude and Open AI's Codex agents to automate reconnaissance, exploitation, and data exfiltration, often by disguising real intrusions as "authorized red team" work. These AI coding assistants are being treated like full-fledged operators, dramatically lowering…...

1+ week, 11+ hour ago  (463+ words) AIRecon is an autonomous penetration testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox to automate end-to-end security assessments without exposing any data to the cloud. Developed by researcher pikpikcu, it eliminates…...

1+ week, 1+ day ago  (828+ words) New York, United States of America, June 16th, 2026, Cyber Newswire Agent Identity Security combines AI agent governance with a native PKI foundation, directly targeting ungoverned AI agents, enterprise security's fastest-growing blind spot" App View X today announced"Agent Identity Security, a…...