The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Microsoft finally admits its default Windows 11 25H2, 24H2 action broke key legacy component

Microsoft has finally acknowledged that a default action in Windows 11 versions 25H2 and 24H2 disrupted a key legacy ...
Windows Report

Microsoft Confirms Long-Running Windows 11 JScript Compatibility Issue

Microsoft has acknowledged a long-running JScript9Legacy compatibility issue affecting some legacy apps on Windows 11 24H2 ...
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
U.S. News & World Report

How I Save Money by Living Simply in Retirement

Embracing a simple lifestyle in retirement can help you relax, appreciate what you have and save money over the long term. Janet Ruth Heller and her husband, Michael, both former college professors in ...

Hackers turn Microsoft 365 Copilot into a one-click data theft tool

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.