The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
blockonomi

Polymarket Hack: $3M Drained in Supply-Chain Frontend Attack

Polymarket hack stemmed from a compromised third-party vendor that injected malicious JavaScript into the platform’s frontend. Over 11 wallets lost PUSD on Polygon; stolen funds were bridged to ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
CPO Magazine

Over 100 AI Coding Agents Taken Over Via New “Agentjacking” Attack

The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) system.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
CoinDesk

The $293 million KelpDAO hack shows why DeFi is finally being forced to grow up

The $293 million KelpDAO exploit exposed how modern DeFi’s biggest vulnerabilities increasingly come from infrastructure, governance and operational security and not smart contract bugs, as protocols ...
The New York Times

‘Life Hack’ Review: A Heist That Never Leaves the Screen

A group of teenagers seem to be targeting a cryptocurrency billionaire out of boredom, but they have a more sympathetic motive in this hacker film. By Chris Azzopardi When you purchase a ticket for an ...
CNET

Canvas Hack Aftermath: Congress Wants Instructure to Answer Questions

A hacker group stole data from more than 9,000 schools using an exploit in Instructure's service. Now the House Homeland Security Committee is getting involved. Tyler is a writer for CNET covering ...