The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
Bleeping Computer

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
CNET

Hackers Conned a Chatbot to Hijack 20,000 Instagram Accounts

Joe is a freelance journalist. It all started with a long-running affection for building his own PCs, which he did for the first time as a teenager. It evolved into a lifelong enjoyment of putting ...
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
Memeburn

Hackers Steal 3,800 GitHub Repos Through Fake VS Code Extension

GitHub breach fears are back after the company confirmed attackers accessed thousands of internal repositories through a poisoned VS Code extension. GitHub says customer repositories were not affected ...
TechCrunch

Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access

Instagram has resolved a security issue that allowed several users’ accounts to get hacked. The attack appeared to rely on tricking Meta’s own AI-powered support chatbot into granting access to a ...
CNN

Iranian hackers are targeting aviation, oil and gas companies in espionage scheme, researchers say

Iranian hackers have posed as job recruiters to target software engineers in the aviation sector as part of an elaborate espionage scheme during the US and Israeli war with Iran, cybersecurity ...
TechSpot

Hackers breach GitHub and access 3,800 internal repositories now listed for sale

What we know so far: Hackers have reportedly used a malicious Visual Studio Code extension to gain access to a GitHub developer's machine, then leveraged the stolen credentials to move into GitHub's ...
Krebs on Security

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions ...
The Guardian

Hackers trick Meta AI support bot to infiltrate Obama White House Instagram account

Breach of high-profile accounts raises concerns about reliance on AI for security measures such as passwords Hackers used Meta’s AI-powered support chatbot to infiltrate high-profile Instagram ...
BBC

Instagram AI chatbot tricked by hackers to give access to others' accounts

Instagram says it has resolved an issue which saw hackers trick its AI support tool into giving them access to other users' accounts. According to claims shown in screenshots and videos shared on ...