Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
CNET

Google's Been Quietly Using Your Hard Drive for AI. Here's What to Do About It

A 4GB file called weights.bin may have appeared on your hard drive, thanks to Chrome. Here's what it is and how to get rid of it. Alex Valdes from Bellevue, Washington has been pumping content into ...
Harvard Business Review

How People Are Really Using AI in 2026

It’s been three-and-a-half years since generative AI exploded onto the scene. In this past year, progress has continued its relentless pace: Vibe coding took off, companies embraced agentic workflows, ...