The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Hacker News

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Researchers warn Agentjacking can abuse Sentry errors to make AI coding agents run malicious code on developer machines.
Decrypt

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.