Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Ajax method parameter is a JS object, the object contains type, url, dataType three string parameters, data parameter is an object, success and error is JS callback ...

Attackers can execute arbitrary commands remotely through the exposed UDP server port by sending specially crafted commands to RealTek AP Router SDK devices.

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

React Context Context is for dependency injection. It is not a state store. - Use it for themes. - Use it for auth users. - Use it for feature flags. Frequent updates in Context cause too many ...

Socket researchers linked 152 Chrome wallpaper extensions to hidden data logging, fake Google search traffic, and ad ...

Security researchers from GoDaddy found a cheeky new malware campaign that used comments made by Steam Community accounts as command-and-control (C2) infrastructure. Here is how the attack plays out: ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...