The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Telegraph Herald

Trump deepens the dustup with Italy's Meloni, who says his 'unprovoked attacks are senseless'

President Donald Trump on Saturday lashed out at Italian Prime Minister Giorgia Meloni, insisting that she asked “over and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Telegraph Herald

Ukrainian drones set Moscow refinery ablaze in major attack

Ukraine hit a major Moscow oil refinery for a second time in a week and disrupted commercial flights at Moscow airports in one of its biggest drone attacks since Russia’s ...
Morning Overview on MSN

The fake-CAPTCHA trick spreading now asks you to paste a command that installs malware

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is tricking Windows users into running malicious commands on their own computers. The ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.

Moscow blanketed in noxious smoke after Ukraine launches biggest attack on Russia yet

Moscow residents were forced to cower in underground car parks amid the Ukrainian onslaught.

G7 leaders back Trump’s deal to end Iran war as more details of it emerge

Leaders at the Group of Seven summit have backed U.S. President Donald Trump's tentative agreement with Iran to open the ...
AARP

AARP’s Movies for Grownups 25 Hottest Gen X Actors

Help Register Login Login Hi, %{firstName}% Hi, %{firstName}% Games Car rental Gen X is having its moment. The generation ...