Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Crowdfund Insider

250,000+ Potential Digital Security Issues in GitHub Actions Workflows Identified in New Report

Cybersecurity researchers at Kaspersky have identified more than 250,000 potential security misconfigurations across GitHub ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
InfoQ

Microsoft Brings AI-Powered Vulnerability Remediation to Azure DevOps with Copilot Autofix

Microsoft has announced the limited public preview of Copilot Autofix for GitHub Advanced Security for Azure DevOps, ...

SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
MPR News

Immigration enforcement in Minnesota

Watchdog organization Forum for Constitutional Rights filed a lawsuit Tuesday over a request for records relating to the goals, tactics and execution of “Operation Metro Surge” from the Department of ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...