AutoJack – A Single Web Page Can Hijack Your AI Agent to Execute Malicious Code
A critical exploit chain dubbed AutoJack that allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and execute arbitrary code on…
Month: June 2026
Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary…
eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
New York, USA, June 19th, 2026, CyberNewswire eFAQ has published a documented investigation into a coordinated reputation attack campaign aimed at influencing brand perception in…
Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures
Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud…
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent…
nLighten completes £15m refurbishment of Bristol ‘edge’ datacentre
nLighten has completed a £15m refurbishment of its Bristol datacentre, doubling its artificial intelligence (AI)-ready power capacity to 1.2MW to support regional enterprise workloads. The…
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
Cisco on Thursday announced an agreement to acquire identity lifecycle security company WideField Security to strengthen the capabilities of Splunk’s Agentic SOC. No financial details…
![Unit 42 observed an initial access broker (IAB) on the Russian-language cybercrime forum Exploit[.]in claiming responsibility for this campaign of large-scale credential attacks, referencing a CVE (no further information), and offering the harvested credentials for sale on June 16, 2026. Unit 42 has not validated their claims at this time.](https://image.cybernoz.com/wp-content/uploads/2026/06/Threat-Brief-Mitigating-Large-Scale-Credential-Attacks-600x340.png)
Threat Brief: Mitigating Large-Scale Credential Attacks
Unit 42 is aware of a large-scale password spraying and credential theft campaign (“FortiBleed”) against Fortinet devices. We observed attempts targeting MSSQL devices as well,…
Security considerations for adopting Claude Code and Cowork for SMBs
You are a security leader at a small or medium-sized business (SMB), and your organization has decided to adopt Claude. If you are like me,…
Wiz at Google Cloud Next: Machine-Speed AI Defense
Security teams have spent decades fighting the same ghosts: misconfigurations, over-privileged identities, and unpatched CVEs. But today, AI has given those ghosts a megaphone. By…
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce…
Critical Chrome Extension Vulnerabilities Let Attackers Easily Compromise Browsers
A critical security flaws in widely used Chrome extensions, exposing millions of users to the risk of full browser compromise. The vulnerabilities, named “MaXSS” and…