AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution.

Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host.

No credentials, no sign-in screen, and no further user interaction once

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication Read on The Hacker News Source: The Hacker News

Read More

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its

Read More

Emacs 31 is around the corner: The changes I’m daily driving

Emacs 31 is around the corner: The changes I’m daily driving Source: Hacker News

Read More