The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Home Assistant: Smartphone apps allow takeover by attackers

The companion apps for Android and iOS create a security vulnerability in Home Assistant. Attackers could take over instances ...

105K Chrome Installs Linked to Adware and Fake Google Traffic

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...
Healthline

Injectables for Type 2 Diabetes: Options, Risks, and Effects

Glucagon-like peptide-1 (GLP-1) receptor agonists and dual glucose-dependent insulinotropic polypeptide (GIP)/GLP-1 receptor agonists help manage blood sugar in type 2 diabetes. They may also support ...
Medical News Today

Lupron Depot (leuprolide acetate)

Lupron Depot is a brand-name intramuscular injection (an injection given into the muscle). It’s prescribed for advanced prostate cancer and other hormone-related conditions, such as endometriosis, ...