Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads

Three minor vulnerabilities chained together can cause a lot of trouble but Microsoft fixed it on time.

AMD denies researcher $10,000 bug bounty reward — despite spotting critical-severity issue

The company updated its bug bounty disclosure rules retroactively.
latesthackingnews.com

How CVE-2026-20253 Turns Splunk’s PostgreSQL Sidecar Into an Open Door

CVE-2026-20253 is a CVSS 9.8 pre-auth flaw in Splunk Enterprise's PostgreSQL sidecar service. An unauthenticated attacker can ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...

New Veeam vulnerability exposes backup servers to RCE attacks

Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain ...
Indiatimes

The entire Call of Duty World War 2 RCE hack controversy explained

Call of Duty: WWII on Xbox Game Pass has suffered a major RCE hack, compromising players systems. Users reported hackers completely taking control, and even communicating with players through notepad.