The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
Bleeping Computer

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...

Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection

Widely adopted by developer communities, GitGuardian is the #1 security application on GitHub Marketplace and is used by over ...
Meduza

Russia’s federal censor denies blocking Python’s package index as developers scramble for workarounds

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public repository. When tested, the key returned a quota exhaustion error, indicating ...
Digital LeadersOpinion

Securing the enterprise software fabric: A blueprint for open source

Lately, headlines dominated by AI-driven zero-day vulnerabilities have raised a question: Is open source software becoming ...

AI is code – and can't be prompted into being smarter

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...
ZDNet

Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

Lightwell is a huge effort to safeguard open-source software. IBM and Red Hat are investing in this massive security initiative. We don't yet know how this subscription-based service will work. AI is ...

digna Introduces Python SDK and Docker Deployment in Release 2026.06

Vienna, Austria, June 25, 2026 -- digna, the European data quality and observability platform, today announced the release of ...