The Next Web

Microsoft finds USB worm that steals cryptocurrency through clipboard hijacking and Tor

Microsoft discovered a self-spreading USB worm active since February that monitors clipboards for crypto wallets and routes stolen data through Tor.
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
GitHub

Remove hardcoded 'localhost' references in Prefect Server UI Vue Apollo JavaScript

When deploying the Docker image for the ui component, it appears to be a simple nginx container serving static webpage assets (JavaScript, CSS, etc.). The challenge comes when we want to customize the ...
Bleeping Computer

WSL2 Now Supports Localhost Connections From Windows 10 Apps

With the release of the Windows 10 Insider build 18945, the Windows Subsystem for Linux version 2 now supports the ability for Windows 10 applications to connect to WSL2 apps via localhost. When WSL2 ...
GitHub

api url points to localhost:8888

I think this is due to "this.namespace" the url builder that is in place. it tries to find this.namespace, which is undefined, and this points the script to localhost instead of agilecrm.com. I'm ...