Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them

Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
The Next Web

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.