A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Bumblebee is a free, open-source tool that checks developer computers for compromised software, browser extensions, and AI ...
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
On May 11, 2026, a self-propagating supply chain worm dubbed Mini Shai-Hulud (CVE-2026-45321, GHSA-g7cv-rxg3-hmpx) compromised the npm ecosystem. Attributed to TeamPCP (aka DeadCatx3, PCPcat, ...
On May 11, 2026, at 19:20 UTC, something happened in the npm ecosystem that the security industry has been warning about for years. And almost nobody was prepared for. In six minutes, 84 malicious ...
Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
tokenjuice is a deterministic output compactor for terminal-heavy agent workflows. agents and harnesses run noisy commands like git status, pnpm test, docker build, rg, or pnpm --help; tokenjuice ...
In the realm of Robotic Process Automation (RPA), one of the perennial challenges has been effectively handling unexpected popups, especially JavaScript popups in browsers. These interruptions can ...