Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

AMD confirms 26.6.2 FSR driver breaks on many Windows PCs0 0

AMD has confirmed a major driver issue that is affecting many users running Windows PCs with the latest 26.6.2 update.
CSO Online

Hole in widely-used FFmpeg codec could crash media servers or enable RCE

Research from JFrog into the software supply chain vulnerability points to the need for better visibility into applications, ...

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...